Cisco AMP for Endpoints API

GET /v1/computers/{:connector_guid}/vulnerabilities

Description

Provides a list of vulnerabilities observed on a specific computer.

The list can be filtered to show only the vulnerable applications observed for a specific time range. For example, the query string: start_time=2019-05-15&end_time=2019-05-20, will return any vulnerable applications observed during the period from 2019-05-15 to 2019-05-20.

The start_time and end_time parameters accept date and time expressed according to ISO 8601.

Query Parameters

Name	Type	Example Values	Description
`start_time`	String (Time ISO8601)	2019-05-09T08:15:22+00:00, 2019-05-09	Inclusive (The list will include vulnerable programs detected at start_time)
`end_time`	String (Time ISO8601)	2019-05-16T08:15:22+00:00, 2019-05-16	Exclusive - if end_time is a time (The list will only include vulnerable programs detected before end_time); Inclusive - if end_time is a date (The list will include vulnerable programs detected on the date)
`offset`	Integer	10
`limit`	Integer	10

Show Response Fields

Name	Type	Description
version	String
metadata.links.self	String
metadata.links.prev	String
metadata.results.total	Integer
metadata.results.current_item_count	Integer
metadata.results.index	Integer
metadata.results.items_per_page	Integer
data.connector_guid	GUID
data.hostname	String
data.vulnerabilities	Array
data.links.computer	String
data.links.trajectory	String

Write

Preview

Describe this action in markdown

Provides a list of vulnerabilities observed on a specific computer.

The list can be filtered to show only the vulnerable applications observed for a specific time range. For example, the query string: `start_time=2019-05-15&end_time=2019-05-20`, will return any vulnerable applications observed during the period from 2019-05-15 to 2019-05-20.

The `start_time` and `end_time` parameters accept date and time expressed according to ISO 8601.

### Query Parameters

|Name|Type|Example Values|Description|
|----|----|----|----|
|`start_time`|String (Time ISO8601)|2019-05-09T08:15:22+00:00, 2019-05-09|Inclusive (The list will include vulnerable programs detected at start_time)|
|`end_time`|String (Time ISO8601)|2019-05-16T08:15:22+00:00, 2019-05-16|Exclusive - if end_time is a time (The list will only include vulnerable programs detected before end_time); Inclusive - if end_time is a date (The list will include vulnerable programs detected on the date)|
|`offset`|Integer|10||
|`limit`|Integer|10||
[Show Response Fields](response-fields)

|Name|Type|Description|
|---|---|---|
|version|String||
|metadata.links.self|String||
|metadata.links.prev|String||
|metadata.results.total|Integer||
|metadata.results.current_item_count|Integer||
|metadata.results.index|Integer||
|metadata.results.items_per_page|Integer||
|data.connector_guid|GUID||
|data.hostname|String||
|data.vulnerabilities|Array||
|data.links.computer|String||
|data.links.trajectory|String||

Auto Generate

Examples

Fetch a specific computer's vulnerabilities with given connector_guid

Fetch a specific computer's vulnerabilities with given connector_guid and filter by time range

Fetch a specific computer's vulnerabilities with given connector_guid and filter by date range

Fetch a specific computer's vulnerabilities with given connector_guid

Request

Requires Authorization

GET /v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3572
x-ratelimit-remaining: 2959
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?offset=0&limit=5"
    },
    "results": {
      "total": 2,
      "current_item_count": 2,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": {
    "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
    "hostname": "Demo_ZAccess",
    "windows_processor_id": "e62f489173b0da5",
    "active": true,
    "links": {
      "computer": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
      "trajectory": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
      "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
    },
    "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
    "vulnerabilities": [
      {
        "application": "Oracle Java(TM) Platform SE",
        "version": "1.7.0:update_10",
        "file": {
          "filename": "java.exe",
          "identity": {
            "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
          }
        },
        "cves": [
          {
            "id": "CVE-2013-5830",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
            "cvss": 10
          },
          {
            "id": "CVE-2013-5843",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
            "cvss": 10
          }
        ],
        "latest_timestamp": 1582218305,
        "latest_date": "2020-02-20T17:05:05+00:00"
      },
      {
        "application": "Adobe Flash Player",
        "version": "11.5.502.146",
        "file": {
          "filename": "FlashPlayerApp.exe",
          "identity": {
            "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
          }
        },
        "cves": [
          {
            "id": "CVE-2013-3333",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
            "cvss": 10
          },
          {
            "id": "CVE-2014-0502",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
            "cvss": 10
          }
        ],
        "latest_timestamp": 1582013149,
        "latest_date": "2020-02-18T08:05:49+00:00"
      }
    ]
  }
}

Fetch a specific computer's vulnerabilities with given connector_guid and filter by time range

Request

Requires Authorization

GET /v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?start_time=2020-02-18T17%3A05%3A49%2B00%3A00&end_time=2020-02-20T17%3A05%3A49%2B00%3A00&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?start_time=2020-02-18T17%3A05%3A49%2B00%3A00&end_time=2020-02-20T17%3A05%3A49%2B00%3A00&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3572
x-ratelimit-remaining: 2958
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?start_time=2020-02-18T17%3A05%3A49%2B00%3A00&end_time=2020-02-20T17%3A05%3A49%2B00%3A00&offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": {
    "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
    "hostname": "Demo_ZAccess",
    "windows_processor_id": "e62f489173b0da5",
    "active": true,
    "links": {
      "computer": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
      "trajectory": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
      "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
    },
    "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
    "vulnerabilities": [
      {
        "application": "Oracle Java(TM) Platform SE",
        "version": "1.7.0:update_10",
        "file": {
          "filename": "java.exe",
          "identity": {
            "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
          }
        },
        "cves": [
          {
            "id": "CVE-2013-5830",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
            "cvss": 10
          },
          {
            "id": "CVE-2013-5843",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
            "cvss": 10
          }
        ],
        "latest_timestamp": 1582218305,
        "latest_date": "2020-02-20T17:05:05+00:00"
      }
    ]
  }
}

Fetch a specific computer's vulnerabilities with given connector_guid and filter by date range

Request

Requires Authorization

GET /v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?start_time=2020-02-18&end_time=2020-02-20&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?start_time=2020-02-18&end_time=2020-02-20&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3571
x-ratelimit-remaining: 2957
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/vulnerabilities?start_time=2020-02-18&end_time=2020-02-20&offset=0&limit=5"
    },
    "results": {
      "total": 2,
      "current_item_count": 2,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": {
    "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
    "hostname": "Demo_ZAccess",
    "windows_processor_id": "df982a105b4e367",
    "active": true,
    "links": {
      "computer": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
      "trajectory": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
      "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
    },
    "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
    "vulnerabilities": [
      {
        "application": "Adobe Flash Player",
        "version": "11.5.502.146",
        "file": {
          "filename": "FlashPlayerApp.exe",
          "identity": {
            "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
          }
        },
        "cves": [
          {
            "id": "CVE-2013-3333",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
            "cvss": 10
          },
          {
            "id": "CVE-2014-0502",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
            "cvss": 10
          }
        ],
        "latest_timestamp": 1582218349,
        "latest_date": "2020-02-20T17:05:49+00:00"
      },
      {
        "application": "Oracle Java(TM) Platform SE",
        "version": "1.7.0:update_10",
        "file": {
          "filename": "java.exe",
          "identity": {
            "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
          }
        },
        "cves": [
          {
            "id": "CVE-2013-5830",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
            "cvss": 10
          },
          {
            "id": "CVE-2013-5843",
            "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
            "cvss": 10
          }
        ],
        "latest_timestamp": 1582218305,
        "latest_date": "2020-02-20T17:05:05+00:00"
      }
    ]
  }
}