Cisco AMP for Endpoints API

GET /v1/computers

Description

Returns a list of computers with agents deployed on them. You can use parameters to narrow the search by IP address or hostname.

Query Parameters

Name	Type	Example Values
`group_guid[]`	GUID	4060cf94-26e5-4176-8dea-cd3d0b68d8bc
`limit`	Integer	10
`hostname[]`	String	Demo_CozyDuke, Demo_Dyre
`external_ip`	String	93.111.140.204, 63.245.227.173
`internal_ip`	String	87.27.44.37, 63.71.135.235

Show Response Fields

Name	Type	Description
version	String
metadata.links.self	String
metadata.results.total	Integer
metadata.results.current_item_count	Integer
metadata.results.index	Integer
metadata.results.items_per_page	Integer
data	Array
data[].connector_guid	GUID
data[].hostname	String
data[].active	Boolean
data[].links.computer	String
data[].links.trajectory	String
data[].links.group	String
data[].connector_version	String
data[].operating_system	String
data[].internal_ips	Array
data[].internal_ips[]	String
data[].external_ip	String
data[].group_guid	GUID
data[].install_date	String (Time ISO8601)
data[].network_addresses	Array
data[].network_addresses[].mac	String
data[].network_addresses[].ip	String
data[].policy.guid	GUID
data[].policy.name	String
data[].last_seen	String (Time ISO8601)

Write

Preview

Describe this action in markdown

Returns a list of computers with agents deployed on them. You can use parameters to narrow the search by IP address or hostname.

### Query Parameters

|Name|Type|Example Values|Description|
|----|----|----|----|
|`group_guid[]`|GUID|4060cf94-26e5-4176-8dea-cd3d0b68d8bc||
|`limit`|Integer|10||
|`hostname[]`|String|Demo_CozyDuke, Demo_Dyre||
|`external_ip`|String|93.111.140.204, 63.245.227.173||
|`internal_ip`|String|87.27.44.37, 63.71.135.235||
[Show Response Fields](response-fields)

|Name|Type|Description|
|---|---|---|
|version|String||
|metadata.links.self|String||
|metadata.results.total|Integer||
|metadata.results.current_item_count|Integer||
|metadata.results.index|Integer||
|metadata.results.items_per_page|Integer||
|data|Array||
|data[].connector_guid|GUID||
|data[].hostname|String||
|data[].active|Boolean||
|data[].links.computer|String||
|data[].links.trajectory|String||
|data[].links.group|String||
|data[].connector_version|String||
|data[].operating_system|String||
|data[].internal_ips|Array||
|data[].internal_ips[]|String||
|data[].external_ip|String||
|data[].group_guid|GUID||
|data[].install_date|String (Time ISO8601)||
|data[].network_addresses|Array||
|data[].network_addresses[].mac|String||
|data[].network_addresses[].ip|String||
|data[].policy.guid|GUID||
|data[].policy.name|String||
|data[].last_seen|String (Time ISO8601)||

Auto Generate

Examples

Fetch list of computers

Fetch list of computers filtered by hostname

Fetch list of computers filtered by internal_ip

Fetch list of computers filtered by external_ip

Fetch list of computers filtered by group_guid

Fetch list of computers

Request

Requires Authorization

GET /v1/computers

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2250
x-ratelimit-remaining: 2820
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-04-02T22:41:15Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers"
    },
    "results": {
      "total": 30,
      "current_item_count": 30,
      "index": 0,
      "items_per_page": 500
    }
  },
  "data": [
    {
      "connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
      "hostname": "Demo_AMP_Intel",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
        "trajectory": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "6.3.1.10893",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "139.210.10.15"
      ],
      "external_ip": "99.254.102.26",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2019-03-12T15:30:41Z",
      "network_addresses": [
        {
          "mac": "10:48:6b:6b:06:74",
          "ip": "139.210.10.15"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "last_seen": "2019-03-01T17:49:21Z",
      "faults": [

      ]
    },
    {
      "connector_guid": "d2abab43-7507-45fc-a8da-1a65c917b9a7",
      "hostname": "Demo_AMP_MAP_FriedEx",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/d2abab43-7507-45fc-a8da-1a65c917b9a7",
        "trajectory": "https://api.amp.cisco.com/v1/computers/d2abab43-7507-45fc-a8da-1a65c917b9a7/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "6.3.1.10893",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "212.143.221.79"
      ],
      "external_ip": "102.141.238.162",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2019-04-01T15:49:06Z",
      "network_addresses": [
        {
          "mac": "27:4c:6c:a7:b3:04",
          "ip": "212.143.221.79"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "last_seen": "2019-03-01T17:49:21Z",
      "faults": [

      ]
    }
  ]
}

Fetch list of computers filtered by hostname

Request

Requires Authorization

GET /v1/computers?hostname[]=Demo_AMP_Intel&limit=10

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?hostname[]=Demo_AMP_Intel&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2246
x-ratelimit-remaining: 2818
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-04-02T22:41:15Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?hostname[]=Demo_AMP_Intel&limit=10"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
      "hostname": "Demo_AMP_Intel",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
        "trajectory": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "6.3.1.10893",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "139.210.10.15"
      ],
      "external_ip": "99.254.102.26",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2019-03-12T15:30:41Z",
      "network_addresses": [
        {
          "mac": "10:48:6b:6b:06:74",
          "ip": "139.210.10.15"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "last_seen": "2019-03-01T17:49:21Z",
      "faults": [

      ]
    }
  ]
}

Fetch list of computers filtered by internal_ip

Request

Requires Authorization

GET /v1/computers?internal_ip=139.210.10.15&limit=10

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?internal_ip=139.210.10.15&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2246
x-ratelimit-remaining: 2816
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-04-02T22:41:15Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?internal_ip=139.210.10.15&limit=10"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
      "hostname": "Demo_AMP_Intel",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
        "trajectory": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "6.3.1.10893",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "139.210.10.15"
      ],
      "external_ip": "99.254.102.26",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2019-03-12T15:30:41Z",
      "network_addresses": [
        {
          "mac": "10:48:6b:6b:06:74",
          "ip": "139.210.10.15"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "last_seen": "2019-03-01T17:49:21Z",
      "faults": [

      ]
    }
  ]
}

Fetch list of computers filtered by external_ip

Request

Requires Authorization

GET /v1/computers?external_ip=99.254.102.26&limit=10

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?external_ip=99.254.102.26&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2245
x-ratelimit-remaining: 2814
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-04-02T22:41:15Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?external_ip=99.254.102.26&limit=10"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
      "hostname": "Demo_AMP_Intel",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
        "trajectory": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "6.3.1.10893",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "139.210.10.15"
      ],
      "external_ip": "99.254.102.26",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2019-03-12T15:30:41Z",
      "network_addresses": [
        {
          "mac": "10:48:6b:6b:06:74",
          "ip": "139.210.10.15"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "last_seen": "2019-03-01T17:49:21Z",
      "faults": [

      ]
    }
  ]
}

Fetch list of computers filtered by group_guid

Request

Requires Authorization

GET /v1/computers?group_guid[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03&limit=10

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/computers?group_guid[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03&limit=10'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 2244
x-ratelimit-remaining: 2812
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-04-02T22:41:15Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/computers?group_guid[]=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03&limit=10",
      "next": "https://api.amp.cisco.com/v1/computers?group_guid%5B%5D=6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03&limit=10&offset=10"
    },
    "results": {
      "total": 16,
      "current_item_count": 10,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [
    {
      "connector_guid": "0f6de888-e023-4020-8f0b-a82d64de8ef3",
      "hostname": "Demo_AMP_Intel",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3",
        "trajectory": "https://api.amp.cisco.com/v1/computers/0f6de888-e023-4020-8f0b-a82d64de8ef3/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "6.3.1.10893",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "139.210.10.15"
      ],
      "external_ip": "99.254.102.26",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2019-03-12T15:30:41Z",
      "network_addresses": [
        {
          "mac": "10:48:6b:6b:06:74",
          "ip": "139.210.10.15"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "last_seen": "2019-03-01T17:49:21Z",
      "faults": [

      ]
    },
    {
      "connector_guid": "d2abab43-7507-45fc-a8da-1a65c917b9a7",
      "hostname": "Demo_AMP_MAP_FriedEx",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/d2abab43-7507-45fc-a8da-1a65c917b9a7",
        "trajectory": "https://api.amp.cisco.com/v1/computers/d2abab43-7507-45fc-a8da-1a65c917b9a7/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "connector_version": "6.3.1.10893",
      "operating_system": "Windows 7, SP 1.0",
      "internal_ips": [
        "212.143.221.79"
      ],
      "external_ip": "102.141.238.162",
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03",
      "install_date": "2019-04-01T15:49:06Z",
      "network_addresses": [
        {
          "mac": "27:4c:6c:a7:b3:04",
          "ip": "212.143.221.79"
        }
      ],
      "policy": {
        "guid": "520c7c68-a637-43b1-b851-7830b0b336b6",
        "name": "Protect Policy"
      },
      "last_seen": "2019-03-01T17:49:21Z",
      "faults": [

      ]
    }
  ]
}