Cisco AMP for Endpoints API

GET /v1/computers/user_activity

Description

Query Parameters

Name Type Example Values Description
q String johndoe
limit Integer 3

Show Response Fields

Name Type Description
version String
metadata.links.self String
metadata.links.next String
metadata.results.total Integer
metadata.results.current_item_count Integer
metadata.results.index Integer
metadata.results.items_per_page Integer
data Array
data[].connector_guid GUID
data[].hostname String
data[].active Boolean
data[].links.computer String
data[].links.trajectory String
data[].links.group String
Write
Preview

Examples

Fetch a specific computer's trajectory with given connector_guid and filter for events with user ...

Fetch a specific computer's trajectory with given connector_guid and filter for events with user name activity

Request

Requires Authorization
GET /v1/computers/user_activity?q=johndoe&limit=3
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=3'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2202
x-ratelimit-remaining: 2807
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-02T17:50:12Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=3",
      "next": "https://api.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=3&offset=3"
    },
    "results": {
      "total": 8,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 3
    }
  },
  "data": [
    {
      "connector_guid": "639f6a30-3ef3-46f6-82c7-d3a447d25f67",
      "hostname": "Demo_Qakbot_1",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/639f6a30-3ef3-46f6-82c7-d3a447d25f67",
        "trajectory": "https://api.amp.cisco.com/v1/computers/639f6a30-3ef3-46f6-82c7-d3a447d25f67/user_trajectory?q=johndoe",
        "group": "https://api.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      }
    },
    {
      "connector_guid": "bedbd455-91d7-42bb-a924-89a64452bed9",
      "hostname": "Demo_Qakbot_3",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/bedbd455-91d7-42bb-a924-89a64452bed9",
        "trajectory": "https://api.amp.cisco.com/v1/computers/bedbd455-91d7-42bb-a924-89a64452bed9/user_trajectory?q=johndoe",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      }
    }
  ]
}