Cisco AMP for Endpoints API

GET /v1/computers

Description

Returns a list of computers with agents deployed on them. You can use parameters to narrow the search by IP address or hostname.

Query Parameters

Name Type Example Values Description
group_guid[] GUID 4060cf94-26e5-4176-8dea-cd3d0b68d8bc
limit Integer 10
hostname[] String Demo_CozyDuke, Demo_Dyre
external_ip String 93.111.140.204, 63.245.227.173
internal_ip String 87.27.44.37, 63.71.135.235

Show Response Fields

Name Type Description
version String
metadata.links.self String
metadata.results.total Integer
metadata.results.current_item_count Integer
metadata.results.index Integer
metadata.results.items_per_page Integer
data Array
data[].connector_guid GUID
data[].hostname String
data[].active Boolean
data[].links.computer String
data[].links.trajectory String
data[].links.group String
data[].connector_version String
data[].operating_system String
data[].internal_ips Array
data[].internal_ips[] String
data[].external_ip String
data[].group_guid GUID
data[].install_date String (Time ISO8601)
data[].network_addresses Array
data[].network_addresses[].mac String
data[].network_addresses[].ip String
data[].policy.guid GUID
data[].policy.name String
data[].last_seen String (Time ISO8601)
Write
Preview

Examples

Fetch list of computers filtered by hostname
Fetch list of computers
Fetch list of computers filtered by internal_ip
Fetch list of computers filtered by external_ip
Fetch list of computers filtered by group_guid

Fetch list of computers filtered by hostname

Request

Requires Authorization
GET /v1/computers?hostname[]=Demo_AMP&limit=10
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?hostname[]=Demo_AMP&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3589
x-ratelimit-remaining: 2973
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-02T17:50:12Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?hostname[]=Demo_AMP&limit=10"
    },
    "results": {
      "total": 6,
      "current_item_count": 6,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "1accdb11-0b2a-44e1-a1e0-c20fe98f5c6c",
      "hostname": "Demo_AMP",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/1accdb11-0b2a-44e1-a1e0-c20fe98f5c6c",
        "trajectory": "https://api.amp.cisco.com/v1/computers/1accdb11-0b2a-44e1-a1e0-c20fe98f5c6c/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "202.119.127.235"
      ],
      "external_ip": "119.239.208.166",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:51Z",
      "network_addresses": [
        {
          "mac": "c8:d9:f1:54:e5:52",
          "ip": "202.119.127.235"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:51Z"
    },
    {
      "connector_guid": "debaf356-f7d5-4aa1-bf09-0925aa587f34",
      "hostname": "Demo_AMP_Exploit_Prevention",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/debaf356-f7d5-4aa1-bf09-0925aa587f34",
        "trajectory": "https://api.amp.cisco.com/v1/computers/debaf356-f7d5-4aa1-bf09-0925aa587f34/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "9.75.98.189"
      ],
      "external_ip": "121.203.44.180",
      "group_guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "d7:08:ad:7f:33:14",
          "ip": "9.75.98.189"
        }
      ],
      "policy": {
        "guid": "89912c9e-8dbd-4c2b-a1d8-dee8a0c2bb29",
        "name": "Audit Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}

Fetch list of computers

Request

Requires Authorization
GET /v1/computers
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2199
x-ratelimit-remaining: 2668
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers"
    },
    "results": {
      "total": 30,
      "current_item_count": 30,
      "index": 0,
      "items_per_page": 500
    }
  },
  "data": [
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "77.189.252.203"
      ],
      "external_ip": "225.73.247.232",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "3d:21:d6:d4:33:17",
          "ip": "77.189.252.203"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    },
    {
      "connector_guid": "ec48da32-c85c-4885-a280-cedfbf2baea5",
      "hostname": "Demo_AMP_Threat_Quarantined",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5",
        "trajectory": "https://api.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "46.164.189.54"
      ],
      "external_ip": "71.66.198.17",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "93:88:4e:1e:c7:37",
          "ip": "46.164.189.54"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}

Fetch list of computers filtered by internal_ip

Request

Requires Authorization
GET /v1/computers?internal_ip=77.189.252.203&limit=10
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?internal_ip=77.189.252.203&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2198
x-ratelimit-remaining: 2664
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?internal_ip=77.189.252.203&limit=10"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "77.189.252.203"
      ],
      "external_ip": "225.73.247.232",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "3d:21:d6:d4:33:17",
          "ip": "77.189.252.203"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}

Fetch list of computers filtered by external_ip

Request

Requires Authorization
GET /v1/computers?external_ip=225.73.247.232&limit=10
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?external_ip=225.73.247.232&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2197
x-ratelimit-remaining: 2662
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?external_ip=225.73.247.232&limit=10"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "77.189.252.203"
      ],
      "external_ip": "225.73.247.232",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "3d:21:d6:d4:33:17",
          "ip": "77.189.252.203"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}

Fetch list of computers filtered by group_guid

Request

Requires Authorization
GET /v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2197
x-ratelimit-remaining: 2660
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10"
    },
    "results": {
      "total": 8,
      "current_item_count": 8,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "77.189.252.203"
      ],
      "external_ip": "225.73.247.232",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "3d:21:d6:d4:33:17",
          "ip": "77.189.252.203"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    },
    {
      "connector_guid": "ec48da32-c85c-4885-a280-cedfbf2baea5",
      "hostname": "Demo_AMP_Threat_Quarantined",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5",
        "trajectory": "https://api.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "46.164.189.54"
      ],
      "external_ip": "71.66.198.17",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "93:88:4e:1e:c7:37",
          "ip": "46.164.189.54"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}