GET /v1/computers
Description
Query Parameters
| Name | Type | Example Values | Description |
|---|---|---|---|
hostname[] |
Date | Demo_AMP_MAP_FriedEx | |
limit |
Integer | 10 | |
offset |
Integer | 20 | |
internal_ip |
String | 212.143.221.79 | |
external_ip |
String | 102.141.238.162 | |
group_guid[] |
GUID | 6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03 |
| Name | Type | Description |
|---|---|---|
| version | String | |
| metadata.links.self | String | |
| metadata.results.total | Integer | |
| metadata.results.current_item_count | Integer | |
| metadata.results.index | Integer | |
| metadata.results.items_per_page | Integer | |
| data | Array | |
| data[].connector_guid | GUID | |
| data[].hostname | String | |
| data[].active | Boolean | |
| data[].links.computer | String | |
| data[].links.trajectory | String | |
| data[].links.group | String | |
| data[].connector_version | String | |
| data[].operating_system | String | |
| data[].internal_ips | Array | |
| data[].internal_ips[] | String | |
| data[].external_ip | String | |
| data[].group_guid | GUID | |
| data[].install_date | String (Time ISO8601) | |
| data[].network_addresses | Array | |
| data[].network_addresses[].mac | String | |
| data[].network_addresses[].ip | String | |
| data[].policy.guid | GUID | |
| data[].policy.name | String | |
| data[].last_seen | String (Time ISO8601) | |
| data[].faults | Array | |
| data[].isolation.available | Boolean | |
| data[].isolation.status | String |
Note
The hostname search is conducted with an ending wildcard so a list of hosts will be returned if multiple matches occur.
Examples
- Fetch list of computers
- Fetch list of computers filtered by hostname
- Fetch list of computers filtered by internal_ip
- Fetch list of computers filtered by external_ip
- Fetch list of computers filtered by group_guid
Fetch list of computers
Request
Requires AuthorizationGET /v1/computers
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/computers'
Shortened for readability
strict-transport-security: max-age=31536000 content-type: application/json; charset=utf-8 status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3581 x-ratelimit-remaining: 2969 x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2020-02-20T19:42:33Z transfer-encoding: chunked
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/computers"
},
"results": {
"total": 39,
"current_item_count": 39,
"index": 0,
"items_per_page": 500
}
},
"data": [
{
"connector_guid": "d821e2d9-9280-489c-a6c3-be02d85ba8a0",
"hostname": "Demo_Command_Line_Arguments_Kovter",
"windows_processor_id": "1937b8e046adf25",
"active": true,
"links": {
"computer": "https://api.amp.cisco.com/v1/computers/d821e2d9-9280-489c-a6c3-be02d85ba8a0",
"trajectory": "https://api.amp.cisco.com/v1/computers/d821e2d9-9280-489c-a6c3-be02d85ba8a0/trajectory",
"group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
},
"connector_version": "99.0.99.11594",
"operating_system": "Windows 10, SP 0.0",
"internal_ips": [
"48.228.237.163"
],
"external_ip": "87.18.29.150",
"group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
"install_date": "2020-02-17T08:47:17Z",
"network_addresses": [
{
"mac": "cd:e0:30:42:21:f7",
"ip": "48.228.237.163"
}
],
"policy": {
"guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
"name": "Triage Policy"
},
"last_seen": "2020-02-18T09:17:34Z",
"faults": [
],
"isolation": {
"available": false,
"status": "not_isolated"
},
"orbital": {
"status": "not_enabled"
}
},
{
"connector_guid": "c34ec2d5-b3ca-4464-a508-d159d3094a0d",
"hostname": "Demo_Command_Line_Arguments_Meterpreter",
"windows_processor_id": "5912f78e3b6da40",
"active": true,
"links": {
"computer": "https://api.amp.cisco.com/v1/computers/c34ec2d5-b3ca-4464-a508-d159d3094a0d",
"trajectory": "https://api.amp.cisco.com/v1/computers/c34ec2d5-b3ca-4464-a508-d159d3094a0d/trajectory",
"group": "https://api.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
},
"connector_version": "99.0.99.11594",
"operating_system": "Windows 10, SP 0.0",
"internal_ips": [
"123.41.160.218"
],
"external_ip": "117.52.229.114",
"group_guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a",
"install_date": "2020-02-17T08:32:58Z",
"network_addresses": [
{
"mac": "08:fa:bd:47:1b:63",
"ip": "123.41.160.218"
}
],
"policy": {
"guid": "89912c9e-8dbd-4c2b-a1d8-dee8a0c2bb29",
"name": "Audit Policy"
},
"last_seen": "2020-02-18T09:17:42Z",
"faults": [
],
"isolation": {
"available": false,
"status": "not_isolated"
},
"orbital": {
"status": "not_enabled"
}
}
]
}
Fetch list of computers filtered by hostname
Request
Requires AuthorizationGET /v1/computers?hostname[]=Demo_Command_Line_Arguments_Kovter&limit=10&offset=20
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?hostname[]=Demo_Command_Line_Arguments_Kovter&limit=10&offset=20'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/computers?hostname[]=Demo_Command_Line_Arguments_Kovter&limit=10&offset=20'
Shortened for readability
strict-transport-security: max-age=31536000 content-type: application/json; charset=utf-8 status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3579 x-ratelimit-remaining: 2968 x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2020-02-20T19:42:33Z transfer-encoding: chunked
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/computers?hostname[]=Demo_Command_Line_Arguments_Kovter&limit=10&offset=20",
"prev": "https://api.amp.cisco.com/v1/computers?hostname%5B%5D=Demo_Command_Line_Arguments_Kovter&limit=10&offset=0"
},
"results": {
"total": 1,
"current_item_count": 0,
"index": 20,
"items_per_page": 10
}
},
"data": [
]
}
Fetch list of computers filtered by internal_ip
Request
Requires AuthorizationGET /v1/computers?internal_ip=48.228.237.163&limit=10&offset=20
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?internal_ip=48.228.237.163&limit=10&offset=20'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/computers?internal_ip=48.228.237.163&limit=10&offset=20'
Shortened for readability
strict-transport-security: max-age=31536000 content-type: application/json; charset=utf-8 status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3579 x-ratelimit-remaining: 2967 x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2020-02-20T19:42:33Z transfer-encoding: chunked
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/computers?internal_ip=48.228.237.163&limit=10&offset=20",
"prev": "https://api.amp.cisco.com/v1/computers?internal_ip=48.228.237.163&limit=10&offset=0"
},
"results": {
"total": 1,
"current_item_count": 0,
"index": 20,
"items_per_page": 10
}
},
"data": [
]
}
Fetch list of computers filtered by external_ip
Request
Requires AuthorizationGET /v1/computers?external_ip=87.18.29.150&limit=10&offset=20
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?external_ip=87.18.29.150&limit=10&offset=20'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/computers?external_ip=87.18.29.150&limit=10&offset=20'
Shortened for readability
strict-transport-security: max-age=31536000 content-type: application/json; charset=utf-8 status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3578 x-ratelimit-remaining: 2966 x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2020-02-20T19:42:33Z transfer-encoding: chunked
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/computers?external_ip=87.18.29.150&limit=10&offset=20",
"prev": "https://api.amp.cisco.com/v1/computers?external_ip=87.18.29.150&limit=10&offset=0"
},
"results": {
"total": 1,
"current_item_count": 0,
"index": 20,
"items_per_page": 10
}
},
"data": [
]
}
Fetch list of computers filtered by group_guid
Request
Requires AuthorizationGET /v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=20
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=20'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=20'
Shortened for readability
strict-transport-security: max-age=31536000 content-type: application/json; charset=utf-8 status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3578 x-ratelimit-remaining: 2965 x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2020-02-20T19:42:33Z transfer-encoding: chunked
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=20",
"prev": "https://api.amp.cisco.com/v1/computers?group_guid%5B%5D=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=0"
},
"results": {
"total": 7,
"current_item_count": 0,
"index": 20,
"items_per_page": 10
}
},
"data": [
]
}