Cisco AMP for Endpoints API

GET /v1/computers

Description

Returns a list of computers with agents deployed on them. You can use parameters to narrow the search by IP address or hostname.

Query Parameters

Name	Type	Example Values
`group_guid[]`	GUID	4060cf94-26e5-4176-8dea-cd3d0b68d8bc
`limit`	Integer	10
`hostname[]`	String	Demo_CozyDuke, Demo_Dyre
`external_ip`	String	93.111.140.204, 63.245.227.173
`internal_ip`	String	87.27.44.37, 63.71.135.235

Show Response Fields

Name	Type	Description
version	String
metadata.links.self	String
metadata.results.total	Integer
metadata.results.current_item_count	Integer
metadata.results.index	Integer
metadata.results.items_per_page	Integer
data	Array
data[].connector_guid	GUID
data[].hostname	String
data[].active	Boolean
data[].links.computer	String
data[].links.trajectory	String
data[].links.group	String
data[].connector_version	String
data[].operating_system	String
data[].internal_ips	Array
data[].internal_ips[]	String
data[].external_ip	String
data[].group_guid	GUID
data[].install_date	String (Time ISO8601)
data[].network_addresses	Array
data[].network_addresses[].mac	String
data[].network_addresses[].ip	String
data[].policy.guid	GUID
data[].policy.name	String
data[].last_seen	String (Time ISO8601)

Write

Preview

Describe this action in markdown

Returns a list of computers with agents deployed on them. You can use parameters to narrow the search by IP address or hostname.

### Query Parameters

|Name|Type|Example Values|Description|
|----|----|----|----|
|`group_guid[]`|GUID|4060cf94-26e5-4176-8dea-cd3d0b68d8bc||
|`limit`|Integer|10||
|`hostname[]`|String|Demo_CozyDuke, Demo_Dyre||
|`external_ip`|String|93.111.140.204, 63.245.227.173||
|`internal_ip`|String|87.27.44.37, 63.71.135.235||
[Show Response Fields](response-fields)

|Name|Type|Description|
|---|---|---|
|version|String||
|metadata.links.self|String||
|metadata.results.total|Integer||
|metadata.results.current_item_count|Integer||
|metadata.results.index|Integer||
|metadata.results.items_per_page|Integer||
|data|Array||
|data[].connector_guid|GUID||
|data[].hostname|String||
|data[].active|Boolean||
|data[].links.computer|String||
|data[].links.trajectory|String||
|data[].links.group|String||
|data[].connector_version|String||
|data[].operating_system|String||
|data[].internal_ips|Array||
|data[].internal_ips[]|String||
|data[].external_ip|String||
|data[].group_guid|GUID||
|data[].install_date|String (Time ISO8601)||
|data[].network_addresses|Array||
|data[].network_addresses[].mac|String||
|data[].network_addresses[].ip|String||
|data[].policy.guid|GUID||
|data[].policy.name|String||
|data[].last_seen|String (Time ISO8601)||

Auto Generate

Examples

Fetch list of computers filtered by hostname

Fetch list of computers

Fetch list of computers filtered by internal_ip

Fetch list of computers filtered by external_ip

Fetch list of computers filtered by group_guid

Fetch list of computers filtered by hostname

Request

Requires Authorization

GET /v1/computers?hostname[]=Demo_AMP&limit=10

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?hostname[]=Demo_AMP&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3589
x-ratelimit-remaining: 2973
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-02T17:50:12Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?hostname[]=Demo_AMP&limit=10"
    },
    "results": {
      "total": 6,
      "current_item_count": 6,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "1accdb11-0b2a-44e1-a1e0-c20fe98f5c6c",
      "hostname": "Demo_AMP",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/1accdb11-0b2a-44e1-a1e0-c20fe98f5c6c",
        "trajectory": "https://api.amp.cisco.com/v1/computers/1accdb11-0b2a-44e1-a1e0-c20fe98f5c6c/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "202.119.127.235"
      ],
      "external_ip": "119.239.208.166",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:51Z",
      "network_addresses": [
        {
          "mac": "c8:d9:f1:54:e5:52",
          "ip": "202.119.127.235"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:51Z"
    },
    {
      "connector_guid": "debaf356-f7d5-4aa1-bf09-0925aa587f34",
      "hostname": "Demo_AMP_Exploit_Prevention",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/debaf356-f7d5-4aa1-bf09-0925aa587f34",
        "trajectory": "https://api.amp.cisco.com/v1/computers/debaf356-f7d5-4aa1-bf09-0925aa587f34/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "9.75.98.189"
      ],
      "external_ip": "121.203.44.180",
      "group_guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "d7:08:ad:7f:33:14",
          "ip": "9.75.98.189"
        }
      ],
      "policy": {
        "guid": "89912c9e-8dbd-4c2b-a1d8-dee8a0c2bb29",
        "name": "Audit Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}

Fetch list of computers

Request

Requires Authorization

GET /v1/computers

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2199
x-ratelimit-remaining: 2668
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers"
    },
    "results": {
      "total": 30,
      "current_item_count": 30,
      "index": 0,
      "items_per_page": 500
    }
  },
  "data": [
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "77.189.252.203"
      ],
      "external_ip": "225.73.247.232",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "3d:21:d6:d4:33:17",
          "ip": "77.189.252.203"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    },
    {
      "connector_guid": "ec48da32-c85c-4885-a280-cedfbf2baea5",
      "hostname": "Demo_AMP_Threat_Quarantined",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5",
        "trajectory": "https://api.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "46.164.189.54"
      ],
      "external_ip": "71.66.198.17",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "93:88:4e:1e:c7:37",
          "ip": "46.164.189.54"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}

Fetch list of computers filtered by internal_ip

Request

Requires Authorization

GET /v1/computers?internal_ip=77.189.252.203&limit=10

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?internal_ip=77.189.252.203&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2198
x-ratelimit-remaining: 2664
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?internal_ip=77.189.252.203&limit=10"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "77.189.252.203"
      ],
      "external_ip": "225.73.247.232",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "3d:21:d6:d4:33:17",
          "ip": "77.189.252.203"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}

Fetch list of computers filtered by external_ip

Request

Requires Authorization

GET /v1/computers?external_ip=225.73.247.232&limit=10

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?external_ip=225.73.247.232&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2197
x-ratelimit-remaining: 2662
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?external_ip=225.73.247.232&limit=10"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "77.189.252.203"
      ],
      "external_ip": "225.73.247.232",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "3d:21:d6:d4:33:17",
          "ip": "77.189.252.203"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}

Fetch list of computers filtered by group_guid

Request

Requires Authorization

GET /v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2197
x-ratelimit-remaining: 2660
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2018-10-03T17:33:35Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10"
    },
    "results": {
      "total": 8,
      "current_item_count": 8,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "e714d352-f682-47ba-baa7-a1d574bc8fe4",
      "hostname": "Demo_AMP_Threat_Audit",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4",
        "trajectory": "https://api.amp.cisco.com/v1/computers/e714d352-f682-47ba-baa7-a1d574bc8fe4/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "77.189.252.203"
      ],
      "external_ip": "225.73.247.232",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "3d:21:d6:d4:33:17",
          "ip": "77.189.252.203"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    },
    {
      "connector_guid": "ec48da32-c85c-4885-a280-cedfbf2baea5",
      "hostname": "Demo_AMP_Threat_Quarantined",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5",
        "trajectory": "https://api.amp.cisco.com/v1/computers/ec48da32-c85c-4885-a280-cedfbf2baea5/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "6.2.1.10782(AVC)",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "46.164.189.54"
      ],
      "external_ip": "71.66.198.17",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2018-09-18T18:56:52Z",
      "network_addresses": [
        {
          "mac": "93:88:4e:1e:c7:37",
          "ip": "46.164.189.54"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2018-09-18T18:56:52Z"
    }
  ]
}