GET /v1/computers/{:connector_guid}/user_trajectory
Description
Query Parameters
Name | Type | Example Values | Description |
---|---|---|---|
q | String | johndoe | |
limit | Integer | 5 | |
Name | Type | Description |
---|---|---|
version | String | |
metadata.links.self | String | |
data.computer.connector_guid | GUID | |
data.computer.hostname | String | |
data.computer.active | Boolean | |
data.computer.links.computer | String | |
data.computer.links.trajectory | String | |
data.computer.links.group | String | |
data.events | Array | |
data.events[].id | String | |
data.events[].timestamp | Integer | |
data.events[].timestamp_nanoseconds | Integer | |
data.events[].date | String (Time ISO8601) | |
data.events[].event_type | String | |
data.events[].event_type_id | Integer | |
data.events[].detection | String | |
data.events[].detection_id | String | |
data.events[].group_guids | Array | |
data.events[].group_guids[] | GUID | |
data.events[].severity | String | |
data.events[].file.disposition | String | |
data.events[].file.file_name | String | |
data.events[].file.file_path | String | |
data.events[].file.identity.sha256 | String | |
data.events[].file.identity.sha1 | String | |
data.events[].file.identity.md5 | String | |
data.events[].user_name | String | |
Examples
Fetch a specific computer's trajectory with given connector_guid and filter for events with user name activity
Request
Requires Authorization
GET /v1/computers/52a44022-2549-4f20-b7e3-d18070607eeb/user_trajectory?q=johndoe&limit=5
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/52a44022-2549-4f20-b7e3-d18070607eeb/user_trajectory?q=johndoe&limit=5'
Response
Shortened for readability
content-type: application/json
transfer-encoding: chunked
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 894
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-ratelimit-remaining: 2843
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"ac2de2dd0acb9e724f614e5546239c82"
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2022-03-18T11:55:11Z
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers/52a44022-2549-4f20-b7e3-d18070607eeb/user_trajectory?q=johndoe&limit=5"
    }
  },
  "data": {
    "computer": {
      "connector_guid": "52a44022-2549-4f20-b7e3-d18070607eeb",
      "hostname": "Demo_Qakbot_3",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/52a44022-2549-4f20-b7e3-d18070607eeb",
        "trajectory": "https://api.amp.cisco.com/v1/computers/52a44022-2549-4f20-b7e3-d18070607eeb/user_trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      }
    },
    "events": [
      {
        "id": "6412680266518626331",
        "timestamp": 1647548285,
        "timestamp_nanoseconds": 478000000,
        "date": "2022-03-17T20:18:05+00:00",
        "event_type": "Threat Detected",
        "event_type_id": 1090519054,
        "detection": "W32.E4FCCBFA69-95.SBX.TG",
        "detection_id": "6412680266518626316",
        "group_guids": [
          "e29f7b3c-42a7-4aa4-b56b-55bc95da8a74"
        ],
        "severity": "Medium",
        "file": {
          "disposition": "Unknown",
          "file_name": "28242311.exe",
          "file_path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe",
          "identity": {
            "sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014",
            "sha1": "f504774b72acfb23a46217aec9c6559fd7e4df64",
            "md5": "b5ede95ec8bc4ad6984758be42b152bd"
          }
        },
        "user_name": "johndoe"
      },
      {
        "id": "6412680266518626333",
        "timestamp": 1647548285,
        "timestamp_nanoseconds": 494000000,
        "date": "2022-03-17T20:18:05+00:00",
        "event_type": "Threat Detected",
        "event_type_id": 1090519054,
        "detection": "W32.E4FCCBFA69-95.SBX.TG",
        "detection_id": "6412680266518626317",
        "group_guids": [
          "e29f7b3c-42a7-4aa4-b56b-55bc95da8a74"
        ],
        "severity": "Medium",
        "file": {
          "disposition": "Unknown",
          "file_name": "28242311.exe",
          "file_path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe",
          "identity": {
            "sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"
          },
          "parent": {
            "process_id": 4788,
            "disposition": "Unknown",
            "file_name": "28242311.exe",
            "identity": {
              "sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"
            }
          }
        },
        "user_name": "johndoe"
      }
    ]
  }
}
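Added example, not part of the vendor documentation: a Python sketch that builds the request URL for this endpoint with proper encoding and groups the returned events by file SHA-256 for triage. The function names and the `self_parent` flag are assumptions introduced here, and `SAMPLE` is constructed from the two events shown above, trimmed to the fields the code reads.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote, urlencode

API_BASE = "https://api.amp.cisco.com/v1"  # host from the page's example request

# Constructed sample: the page's two events, trimmed to the fields used below.
SHA = "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"
SAMPLE = json.dumps({"data": {
    "computer": {"hostname": "Demo_Qakbot_3"},
    "events": [
        {"timestamp": 1647548285, "timestamp_nanoseconds": 478000000,
         "detection": "W32.E4FCCBFA69-95.SBX.TG", "user_name": "johndoe",
         "file": {"file_name": "28242311.exe", "identity": {"sha256": SHA}}},
        {"timestamp": 1647548285, "timestamp_nanoseconds": 494000000,
         "detection": "W32.E4FCCBFA69-95.SBX.TG", "user_name": "johndoe",
         "file": {"file_name": "28242311.exe", "identity": {"sha256": SHA},
                  "parent": {"process_id": 4788, "identity": {"sha256": SHA}}}},
    ]}})

def trajectory_url(connector_guid, user, limit=5):
    """Build the request URL; the GUID and q value are percent-encoded, never pasted raw."""
    query = urlencode({"q": user, "limit": int(limit)})
    return f"{API_BASE}/computers/{quote(connector_guid, safe='')}/user_trajectory?{query}"

def event_time(event):
    """Merge timestamp (seconds) and timestamp_nanoseconds into one UTC datetime."""
    micros = event.get("timestamp_nanoseconds", 0) // 1000
    return datetime.fromtimestamp(event["timestamp"], tz=timezone.utc).replace(microsecond=micros)

def summarize(body):
    """Group events by file SHA-256, tolerating the optional file.parent object."""
    data = json.loads(body)["data"]
    out = {}
    for ev in sorted(data.get("events", []), key=event_time):
        f = ev.get("file", {})
        sha = f.get("identity", {}).get("sha256")
        if sha is None:
            continue  # events without a file identity cannot be grouped by hash
        row = out.setdefault(sha, {"host": data["computer"]["hostname"], "count": 0,
                                   "first_seen": event_time(ev).isoformat(),
                                   "users": set(), "detections": set(), "self_parent": False})
        row["count"] += 1
        row["users"].add(ev.get("user_name"))
        row["detections"].add(ev.get("detection"))
        parent_sha = f.get("parent", {}).get("identity", {}).get("sha256")
        row["self_parent"] |= parent_sha == sha  # parent process image has the same hash
    return out

if __name__ == "__main__":
    for sha, row in summarize(SAMPLE).items():
        print(sha[:12], row)
```

Both events share the same second-resolution `timestamp`, so ordering them correctly depends on `timestamp_nanoseconds`; the `date` field alone does not distinguish them.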