Cisco AMP for Endpoints API

GET /v1/computers/user_activity

Description

Query Parameters

Name Type Example Values Description
q String johndoe
limit Integer 5
offset Integer 0

Show Response Fields

Name Type Description
version String
metadata.links.self String
metadata.links.next String
metadata.results.total Integer
metadata.results.current_item_count Integer
metadata.results.index Integer
metadata.results.items_per_page Integer
data Array
data[].connector_guid GUID
data[].hostname String
data[].active Boolean
data[].links.computer String
data[].links.trajectory String
data[].links.group String
Write
Preview

Examples

Fetch list of computers that have observed activity by given user name

Fetch list of computers that have observed activity by given user name

Request

Requires Authorization
GET /v1/computers/user_activity?q=johndoe&limit=5&offset=0
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.eu.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=5&offset=0'

Response

Actual Response

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3534
x-ratelimit-remaining: 2990
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=5&offset=0",
      "next": "https://api.eu.amp.cisco.com/v1/computers/user_activity?q=johndoe&limit=5&offset=5"
    },
    "results": {
      "total": 8,
      "current_item_count": 5,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "639f6a30-3ef3-46f6-82c7-d3a447d25f67",
      "hostname": "Demo_Qakbot_1",
      "active": true,
      "links": {
        "computer": "https://api.eu.amp.cisco.com/v1/computers/639f6a30-3ef3-46f6-82c7-d3a447d25f67",
        "trajectory": "https://api.eu.amp.cisco.com/v1/computers/639f6a30-3ef3-46f6-82c7-d3a447d25f67/user_trajectory?q=johndoe",
        "group": "https://api.eu.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      }
    },
    {
      "connector_guid": "bedbd455-91d7-42bb-a924-89a64452bed9",
      "hostname": "Demo_Qakbot_3",
      "active": true,
      "links": {
        "computer": "https://api.eu.amp.cisco.com/v1/computers/bedbd455-91d7-42bb-a924-89a64452bed9",
        "trajectory": "https://api.eu.amp.cisco.com/v1/computers/bedbd455-91d7-42bb-a924-89a64452bed9/user_trajectory?q=johndoe",
        "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      }
    },
    {
      "connector_guid": "debaf356-f7d5-4aa1-bf09-0925aa587f34",
      "hostname": "Demo_AMP_Exploit_Prevention",
      "active": false,
      "links": {
        "computer": "https://api.eu.amp.cisco.com/v1/computers/debaf356-f7d5-4aa1-bf09-0925aa587f34",
        "trajectory": "https://api.eu.amp.cisco.com/v1/computers/debaf356-f7d5-4aa1-bf09-0925aa587f34/user_trajectory?q=johndoe",
        "group": "https://api.eu.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      }
    },
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.eu.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.eu.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/user_trajectory?q=johndoe",
        "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      }
    },
    {
      "connector_guid": "ec48da32-c85c-4885-a280-cedfbf2baea5",
      "hostname": "Demo_AMP_Threat_Quarantined",
      "active": true,
      "links": {
        "computer": "https://api.eu.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5",
        "trajectory": "https://api.eu.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5/user_trajectory?q=johndoe",
        "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      }
    }
  ]
}