GET /v1/computers/{:connector_guid}/trajectory
Description
Provides a list of all activities associated with a particular computer. This is analogous to the Device Trajectory on the FireAMP Console.
Using the q parameter, you can search for an IP Address, SHA256 or URL.
Query Parameters
Name | Type | Example Values | Description |
---|---|---|---|
q | String | 37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7 | |
limit | Integer | 5 | |
Name | Type | Description |
---|---|---|
version | String | |
metadata.links.self | String | |
data.computer.connector_guid | GUID | |
data.computer.hostname | String | |
data.computer.active | Boolean | |
data.computer.links.computer | String | |
data.computer.links.trajectory | String | |
data.computer.links.group | String | |
data.computer.connector_version | String | |
data.computer.operating_system | String | |
data.computer.internal_ips | Array | |
data.computer.internal_ips[] | String | |
data.computer.external_ip | String | |
data.computer.group_guid | GUID | |
data.computer.install_date | String (Time ISO8601) | |
data.computer.network_addresses | Array | |
data.computer.network_addresses[].mac | String | |
data.computer.network_addresses[].ip | String | |
data.computer.policy.guid | GUID | |
data.computer.policy.name | String | |
data.events | Array | |
data.events[].timestamp | Integer | |
data.events[].timestamp_nanoseconds | Integer | |
data.events[].date | String (Time ISO8601) | |
data.events[].event_type | String | |
data.events[].detection | String | |
data.events[].group_guids | Array | |
data.events[].group_guids[] | GUID | |
data.events[].file.disposition | String | |
data.events[].file.file_name | String | |
data.events[].file.file_path | String | |
data.events[].file.file_type | String | |
data.events[].file.identity.sha256 | String | |
data.events[].file.parent.disposition | String | |
data.events[].file.parent.identity.sha256 | String | |
Examples
- Fetch a specific computer's trajectory with given connector_guid
- Fetch a specific computer's trajectory with given connector_guid and filter for files with a SHA-...
Fetch a specific computer's trajectory with given connector_guid
Request
Requires Authorization
GET /v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706/trajectory
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL (edit, then copy and paste into your terminal)
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706/trajectory'
Response
Shortened for readability
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 1847
x-ratelimit-remaining: 2892
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-01-09T17:44:06Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706/trajectory"
    }
  },
  "data": {
    "computer": {
      "connector_guid": "6422df21-1d8d-4b36-9498-f5e7b9cdf706",
      "hostname": "Demo_SFEicar",
      "active": true,
      "links": {
        "computer": "https://api.apjc.amp.cisco.com/v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706",
        "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706/trajectory",
        "group": "https://api.apjc.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      },
      "connector_version": "4.1.7.10201",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "250.52.42.30"
      ],
      "external_ip": "74.19.208.197",
      "group_guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a",
      "install_date": "2016-05-20T19:20:00Z",
      "network_addresses": [
        {
          "mac": "34:8e:92:7b:d6:45",
          "ip": "250.52.42.30"
        }
      ],
      "policy": {
        "guid": "89912c9e-8dbd-4c2b-a1d8-dee8a0c2bb29",
        "name": "Audit Policy"
      },
      "faults": []
    },
    "events": [
      {
        "timestamp": 1546926845,
        "timestamp_nanoseconds": 843847864,
        "date": "2019-01-08T05:54:05+00:00",
        "event_type": "Created by",
        "group_guids": [
          "b077d6bc-bbdf-42f7-8838-a06053fbd98a"
        ],
        "file": {
          "disposition": "Unknown",
          "file_type": "MS OLE2 CF",
          "identity": {
            "sha256": "c5f84ac84cc3f4bbecbc028da118babf70665bcdcd0d717c9a431cb69cde156d"
          },
          "parent": {
            "disposition": "Clean",
            "identity": {
              "sha256": "33aea920d88654fe20477e1c2fd57334a75d9006166c645156daaf2cc008203f"
            }
          }
        }
      },
      {
        "timestamp": 1546923245,
        "timestamp_nanoseconds": 843847864,
        "date": "2019-01-08T04:54:05+00:00",
        "event_type": "Created by",
        "group_guids": [
          "b077d6bc-bbdf-42f7-8838-a06053fbd98a"
        ],
        "file": {
          "disposition": "Unknown",
          "file_type": "MS OLE2 CF",
          "identity": {
            "sha256": "c5f84ac84cc3f4bbecbc028da118babf70665bcdcd0d717c9a431cb69cde156d"
          },
          "parent": {
            "disposition": "Clean",
            "identity": {
              "sha256": "33aea920d88654fe20477e1c2fd57334a75d9006166c645156daaf2cc008203f"
            }
          }
        }
      }
    ]
  }
}
Fetch a specific computer's trajectory with given connector_guid and filter for files with a SHA-256 value
Request
Requires Authorization
GET /v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL (edit, then copy and paste into your terminal)
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5'
Response
Shortened for readability
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 1846
x-ratelimit-remaining: 2890
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-01-09T17:44:06Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706/trajectory?q=37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7&limit=5"
    }
  },
  "data": {
    "computer": {
      "connector_guid": "6422df21-1d8d-4b36-9498-f5e7b9cdf706",
      "hostname": "Demo_SFEicar",
      "active": true,
      "links": {
        "computer": "https://api.apjc.amp.cisco.com/v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706",
        "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/6422df21-1d8d-4b36-9498-f5e7b9cdf706/trajectory",
        "group": "https://api.apjc.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      },
      "connector_version": "4.1.7.10201",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "250.52.42.30"
      ],
      "external_ip": "74.19.208.197",
      "group_guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a",
      "install_date": "2016-05-20T19:20:00Z",
      "network_addresses": [
        {
          "mac": "34:8e:92:7b:d6:45",
          "ip": "250.52.42.30"
        }
      ],
      "policy": {
        "guid": "89912c9e-8dbd-4c2b-a1d8-dee8a0c2bb29",
        "name": "Audit Policy"
      },
      "faults": []
    },
    "events": []
  }
}
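Added example, not part of the API documentation: building the trajectory request with a validated connector_guid and an escaped q value, collapsing data.events into one row per file/parent SHA-256 pair for triage, and reading the rate-limit headers shown in the responses above. The helper names and the `floor` threshold are hypothetical; the code assumes lowercase header names as printed above and that x-ratelimit-reset is the number of seconds until the limit resets.

```python
import re
from urllib.parse import urlencode

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def trajectory_url(base, connector_guid, q=None, limit=None):
    """Build the request URL; a malformed GUID is rejected so it cannot alter the path."""
    if not GUID_RE.fullmatch(connector_guid):
        raise ValueError("connector_guid is not a GUID")
    params = {}
    if q is not None:
        params["q"] = q  # IP address, SHA256 or URL; urlencode() escapes it
    if limit is not None:
        params["limit"] = int(limit)
    url = f"{base.rstrip('/')}/v1/computers/{connector_guid}/trajectory"
    return url + ("?" + urlencode(params) if params else "")

def summarize(response):
    """Group data.events by (file sha256, parent sha256) with count and first/last seen."""
    out = {}
    for ev in response["data"]["events"]:
        f = ev.get("file", {})  # assumption: some event types carry no file object
        key = (f.get("identity", {}).get("sha256"),
               f.get("parent", {}).get("identity", {}).get("sha256"))
        ts = ev["timestamp"]
        row = out.setdefault(key, {"count": 0, "first": ts, "last": ts,
                                   "disposition": f.get("disposition"),
                                   "event_types": set()})
        row["count"] += 1
        row["first"], row["last"] = min(row["first"], ts), max(row["last"], ts)
        row["event_types"].add(ev["event_type"])
    return out

def wait_seconds(headers, floor=50):
    """Seconds to pause once x-ratelimit-remaining is below `floor` (assumed policy)."""
    remaining = int(headers.get("x-ratelimit-remaining", floor))
    return int(headers.get("x-ratelimit-reset", 0)) if remaining < floor else 0

# Constructed sample: the two events of the first response above, trimmed.
CHILD = "c5f84ac84cc3f4bbecbc028da118babf70665bcdcd0d717c9a431cb69cde156d"
PARENT = "33aea920d88654fe20477e1c2fd57334a75d9006166c645156daaf2cc008203f"
FILE = {"disposition": "Unknown", "identity": {"sha256": CHILD},
        "parent": {"disposition": "Clean", "identity": {"sha256": PARENT}}}
SAMPLE = {"data": {"events": [
    {"timestamp": 1546926845, "event_type": "Created by", "file": FILE},
    {"timestamp": 1546923245, "event_type": "Created by", "file": FILE}]}}

if __name__ == "__main__":
    for (sha, parent), row in summarize(SAMPLE).items():
        print(sha, "<-", parent, row)
```

An empty data.events array, as in the second response above, yields an empty summary: the queried SHA-256 was not seen on that computer within the returned window.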