GET /v1/computers/user_activity
Description
Query Parameters
| Name | Type | Example Values | Description |
|---|---|---|---|
q |
String | johndoe | |
limit |
Integer | 3 |
| Name | Type | Description |
|---|---|---|
| version | String | |
| metadata.links.self | String | |
| metadata.links.next | String | |
| metadata.results.total | Integer | |
| metadata.results.current_item_count | Integer | |
| metadata.results.index | Integer | |
| metadata.results.items_per_page | Integer | |
| data | Array | |
| data[].connector_guid | GUID | |
| data[].hostname | String | |
| data[].active | Boolean | |
| data[].links.computer | String | |
| data[].links.trajectory | String | |
| data[].links.group | String |
Examples
- Fetch a specific computer's trajectory with given connector_guid and filter for events with user ...
Fetch a specific computer's trajectory with given connector_guid and filter for events with user name activity
Request
Requires AuthorizationGET /v1/computers/user_activity?q=johndoe&limit=3
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=3'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=3'
Shortened for readability
strict-transport-security: max-age=31536000 content-type: application/json; charset=utf-8 status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3563 x-ratelimit-remaining: 2941 x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2019-11-01T18:03:14Z transfer-encoding: chunked
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=3",
"next": "https://api.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=3&offset=3"
},
"results": {
"total": 8,
"current_item_count": 3,
"index": 0,
"items_per_page": 3
}
},
"data": [
{
"connector_guid": "2dd90e32-1db9-4c66-96ff-3f6efa76fd15",
"hostname": "Demo_AMP_Threat_Audit",
"active": true,
"links": {
"computer": "https://api.amp.cisco.com/v1/computers/2dd90e32-1db9-4c66-96ff-3f6efa76fd15",
"trajectory": "https://api.amp.cisco.com/v1/computers/2dd90e32-1db9-4c66-96ff-3f6efa76fd15/user_trajectory?q=johndoe",
"group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
}
},
{
"connector_guid": "3e2cd1ab-1f23-4ee9-a787-c2b4a33e3d19",
"hostname": "Demo_Qakbot_3",
"active": true,
"links": {
"computer": "https://api.amp.cisco.com/v1/computers/3e2cd1ab-1f23-4ee9-a787-c2b4a33e3d19",
"trajectory": "https://api.amp.cisco.com/v1/computers/3e2cd1ab-1f23-4ee9-a787-c2b4a33e3d19/user_trajectory?q=johndoe",
"group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
}
]
}