Cisco AMP for Endpoints API

GET /v1/computers/{:connector_guid}/vulnerabilities

Description

Provides a list of vulnerabilities observed on a specific computer.

The list can be filtered to show only the vulnerable applications observed for a specific time range. For example, the query string: start_time=2019-05-15&end_time=2019-05-20, will return any vulnerable applications observed during the period from 2019-05-15 to 2019-05-20.

The start_time and end_time parameters accept date and time expressed according to ISO 8601.

Query Parameters

Name	Type	Example Values	Description
`start_time`	String (Time ISO8601)	2019-05-09T08:15:22+00:00, 2019-05-09	Inclusive (The list will include vulnerable programs detected at start_time)
`end_time`	String (Time ISO8601)	2019-05-16T08:15:22+00:00, 2019-05-16	Exclusive - if end_time is a time (The list will only include vulnerable programs detected before end_time); Inclusive - if end_time is a date (The list will include vulnerable programs detected on the date)
`offset`	Integer	10
`limit`	Integer	10

Show Response Fields

Name	Type	Description
version	String
metadata.links.self	String
metadata.links.prev	String
metadata.results.total	Integer
metadata.results.current_item_count	Integer
metadata.results.index	Integer
metadata.results.items_per_page	Integer
data.connector_guid	GUID
data.hostname	String
data.vulnerabilities	Array
data.links.computer	String
data.links.trajectory	String

Write

Preview

Describe this action in markdown

Provides a list of vulnerabilities observed on a specific computer.

The list can be filtered to show only the vulnerable applications observed for a specific time range. For example, the query string: `start_time=2019-05-15&end_time=2019-05-20`, will return any vulnerable applications observed during the period from 2019-05-15 to 2019-05-20.

The `start_time` and `end_time` parameters accept date and time expressed according to ISO 8601.

### Query Parameters

|Name|Type|Example Values|Description|
|----|----|----|----|
|`start_time`|String (Time ISO8601)|2019-05-09T08:15:22+00:00, 2019-05-09|Inclusive (The list will include vulnerable programs detected at start_time)|
|`end_time`|String (Time ISO8601)|2019-05-16T08:15:22+00:00, 2019-05-16|Exclusive - if end_time is a time (The list will only include vulnerable programs detected before end_time); Inclusive - if end_time is a date (The list will include vulnerable programs detected on the date)|
|`offset`|Integer|10||
|`limit`|Integer|10||
[Show Response Fields](response-fields)

|Name|Type|Description|
|---|---|---|
|version|String||
|metadata.links.self|String||
|metadata.links.prev|String||
|metadata.results.total|Integer||
|metadata.results.current_item_count|Integer||
|metadata.results.index|Integer||
|metadata.results.items_per_page|Integer||
|data.connector_guid|GUID||
|data.hostname|String||
|data.vulnerabilities|Array||
|data.links.computer|String||
|data.links.trajectory|String||

Auto Generate

Examples

Fetch a specific computer's vulnerabilities with given connector_guid

Fetch a specific computer's vulnerabilities with given connector_guid and filter by time range

Fetch a specific computer's vulnerabilities with given connector_guid and filter by date range

Fetch a specific computer's vulnerabilities with given connector_guid

Request

Requires Authorization

GET /v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3559
x-ratelimit-remaining: 2933
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-01T18:03:14Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?offset=0&limit=5"
    },
    "results": {
      "total": 3,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": {
    "connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
    "hostname": "Demo_AMP_Intel",
    "active": true,
    "links": {
      "computer": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
      "trajectory": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
      "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
    },
    "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
    "vulnerabilities": [
      {
        "application": "Microsoft Internet Explorer",
        "version": "11",
        "file": {
          "filename": "mshtml.dll",
          "identity": {
            "sha256": "d1bea74ac9d85b3dcd4abc1af42af6c37b9349defc8e6577993611b773f56ca0"
          }
        },
        "cves": [
          {
            "id": "CVE-2018-0762",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762",
            "cvss": 7.6
          },
          {
            "id": "CVE-2018-0772",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772",
            "cvss": 7.6
          }
        ],
        "latest_timestamp": 1570640547,
        "latest_date": "2019-10-09T17:02:27+00:00"
      },
      {
        "application": "Microsoft Internet Explorer",
        "version": "11",
        "file": {
          "filename": "mshtml.dll",
          "identity": {
            "sha256": "1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4"
          }
        },
        "cves": [
          {
            "id": "CVE-2018-0762",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762",
            "cvss": 7.6
          },
          {
            "id": "CVE-2018-0772",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772",
            "cvss": 7.6
          }
        ],
        "latest_timestamp": 1570640546,
        "latest_date": "2019-10-09T17:02:26+00:00"
      }
    ]
  }
}

Fetch a specific computer's vulnerabilities with given connector_guid and filter by time range

Request

Requires Authorization

GET /v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?start_time=2019-10-07T17%3A02%3A27%2B00%3A00&end_time=2019-10-09T17%3A02%3A27%2B00%3A00&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?start_time=2019-10-07T17%3A02%3A27%2B00%3A00&end_time=2019-10-09T17%3A02%3A27%2B00%3A00&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3557
x-ratelimit-remaining: 2926
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-01T18:03:14Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?start_time=2019-10-07T17%3A02%3A27%2B00%3A00&end_time=2019-10-09T17%3A02%3A27%2B00%3A00&offset=0&limit=5"
    },
    "results": {
      "total": 3,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": {
    "connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
    "hostname": "Demo_AMP_Intel",
    "active": true,
    "links": {
      "computer": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
      "trajectory": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
      "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
    },
    "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
    "vulnerabilities": [
      {
        "application": "Microsoft Internet Explorer",
        "version": "11",
        "file": {
          "filename": "mshtml.dll",
          "identity": {
            "sha256": "1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4"
          }
        },
        "cves": [
          {
            "id": "CVE-2018-0762",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762",
            "cvss": 7.6
          },
          {
            "id": "CVE-2018-0772",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772",
            "cvss": 7.6
          }
        ],
        "latest_timestamp": 1570640546,
        "latest_date": "2019-10-09T17:02:26+00:00"
      },
      {
        "application": "Microsoft Office",
        "version": "2016",
        "file": {
          "filename": "OUTLOOK.EXE",
          "identity": {
            "sha256": "465f398ae8e3c32395eb7c04bc8cd24595068e6a127e243bed3e9b4931556bfc"
          }
        },
        "cves": [
          {
            "id": "CVE-2017-0106",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0106",
            "cvss": 9.3
          },
          {
            "id": "CVE-2017-11774",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11774",
            "cvss": 6.8
          }
        ],
        "latest_timestamp": 1570638773,
        "latest_date": "2019-10-09T16:32:53+00:00"
      }
    ]
  }
}

Fetch a specific computer's vulnerabilities with given connector_guid and filter by date range

Request

Requires Authorization

GET /v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?start_time=2019-10-07&end_time=2019-10-09&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?start_time=2019-10-07&end_time=2019-10-09&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3555
x-ratelimit-remaining: 2919
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-01T18:03:14Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/vulnerabilities?start_time=2019-10-07&end_time=2019-10-09&offset=0&limit=5"
    },
    "results": {
      "total": 3,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": {
    "connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
    "hostname": "Demo_AMP_Intel",
    "active": true,
    "links": {
      "computer": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
      "trajectory": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
      "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
    },
    "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
    "vulnerabilities": [
      {
        "application": "Microsoft Internet Explorer",
        "version": "11",
        "file": {
          "filename": "mshtml.dll",
          "identity": {
            "sha256": "d1bea74ac9d85b3dcd4abc1af42af6c37b9349defc8e6577993611b773f56ca0"
          }
        },
        "cves": [
          {
            "id": "CVE-2018-0762",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762",
            "cvss": 7.6
          },
          {
            "id": "CVE-2018-0772",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772",
            "cvss": 7.6
          }
        ],
        "latest_timestamp": 1570640547,
        "latest_date": "2019-10-09T17:02:27+00:00"
      },
      {
        "application": "Microsoft Internet Explorer",
        "version": "11",
        "file": {
          "filename": "mshtml.dll",
          "identity": {
            "sha256": "1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4"
          }
        },
        "cves": [
          {
            "id": "CVE-2018-0762",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762",
            "cvss": 7.6
          },
          {
            "id": "CVE-2018-0772",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772",
            "cvss": 7.6
          }
        ],
        "latest_timestamp": 1570640546,
        "latest_date": "2019-10-09T17:02:26+00:00"
      }
    ]
  }
}