Cisco AMP for Endpoints API

GET /v1/computers

Description

Query Parameters

Name Type Example Values Description
hostname[] Date Demo_AMP_MAP_FriedEx
limit Integer 10
offset Integer 20
internal_ip String 212.143.221.79
external_ip String 102.141.238.162
group_guid[] GUID 6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03

Show Response Fields

Name Type Description
version String
metadata.links.self String
metadata.results.total Integer
metadata.results.current_item_count Integer
metadata.results.index Integer
metadata.results.items_per_page Integer
data Array
data[].connector_guid GUID
data[].hostname String
data[].active Boolean
data[].links.computer String
data[].links.trajectory String
data[].links.group String
data[].connector_version String
data[].operating_system String
data[].internal_ips Array
data[].internal_ips[] String
data[].external_ip String
data[].group_guid GUID
data[].install_date String (Time ISO8601)
data[].network_addresses Array
data[].network_addresses[].mac String
data[].network_addresses[].ip String
data[].policy.guid GUID
data[].policy.name String
data[].last_seen String (Time ISO8601)
data[].faults Array
data[].isolation.available Boolean
data[].isolation.status String

Note

The hostname search is conducted with an ending wildcard so a list of hosts will be returned if multiple matches occur.

Write
Preview

Examples

Fetch list of computers
Fetch list of computers filtered by hostname
Fetch list of computers filtered by internal_ip
Fetch list of computers filtered by external_ip
Fetch list of computers filtered by group_guid

Fetch list of computers

Request

Requires Authorization
GET /v1/computers
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/computers'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3581
x-ratelimit-remaining: 2969
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/computers"
    },
    "results": {
      "total": 39,
      "current_item_count": 39,
      "index": 0,
      "items_per_page": 500
    }
  },
  "data": [
    {
      "connector_guid": "d821e2d9-9280-489c-a6c3-be02d85ba8a0",
      "hostname": "Demo_Command_Line_Arguments_Kovter",
      "windows_processor_id": "1937b8e046adf25",
      "active": true,
      "links": {
        "computer": "https://api.apjc.amp.cisco.com/v1/computers/d821e2d9-9280-489c-a6c3-be02d85ba8a0",
        "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/d821e2d9-9280-489c-a6c3-be02d85ba8a0/trajectory",
        "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "connector_version": "99.0.99.11594",
      "operating_system": "Windows 10, SP 0.0",
      "internal_ips": [
        "48.228.237.163"
      ],
      "external_ip": "87.18.29.150",
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e",
      "install_date": "2020-02-17T08:47:17Z",
      "network_addresses": [
        {
          "mac": "cd:e0:30:42:21:f7",
          "ip": "48.228.237.163"
        }
      ],
      "policy": {
        "guid": "75f5a2b7-2875-41c1-9a11-0b212f347a08",
        "name": "Triage Policy"
      },
      "last_seen": "2020-02-18T09:17:34Z",
      "faults": [

      ],
      "isolation": {
        "available": false,
        "status": "not_isolated"
      },
      "orbital": {
        "status": "not_enabled"
      }
    },
    {
      "connector_guid": "c34ec2d5-b3ca-4464-a508-d159d3094a0d",
      "hostname": "Demo_Command_Line_Arguments_Meterpreter",
      "windows_processor_id": "5912f78e3b6da40",
      "active": true,
      "links": {
        "computer": "https://api.apjc.amp.cisco.com/v1/computers/c34ec2d5-b3ca-4464-a508-d159d3094a0d",
        "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/c34ec2d5-b3ca-4464-a508-d159d3094a0d/trajectory",
        "group": "https://api.apjc.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
      },
      "connector_version": "99.0.99.11594",
      "operating_system": "Windows 10, SP 0.0",
      "internal_ips": [
        "123.41.160.218"
      ],
      "external_ip": "117.52.229.114",
      "group_guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a",
      "install_date": "2020-02-17T08:32:58Z",
      "network_addresses": [
        {
          "mac": "08:fa:bd:47:1b:63",
          "ip": "123.41.160.218"
        }
      ],
      "policy": {
        "guid": "89912c9e-8dbd-4c2b-a1d8-dee8a0c2bb29",
        "name": "Audit Policy"
      },
      "last_seen": "2020-02-18T09:17:42Z",
      "faults": [

      ],
      "isolation": {
        "available": false,
        "status": "not_isolated"
      },
      "orbital": {
        "status": "not_enabled"
      }
    }
  ]
}

Fetch list of computers filtered by hostname

Request

Requires Authorization
GET /v1/computers?hostname[]=Demo_Command_Line_Arguments_Kovter&limit=10&offset=20
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/computers?hostname[]=Demo_Command_Line_Arguments_Kovter&limit=10&offset=20'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3579
x-ratelimit-remaining: 2968
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/computers?hostname[]=Demo_Command_Line_Arguments_Kovter&limit=10&offset=20",
      "prev": "https://api.apjc.amp.cisco.com/v1/computers?hostname%5B%5D=Demo_Command_Line_Arguments_Kovter&limit=10&offset=0"
    },
    "results": {
      "total": 1,
      "current_item_count": 0,
      "index": 20,
      "items_per_page": 10
    }
  },
  "data": [

  ]
}

Fetch list of computers filtered by internal_ip

Request

Requires Authorization
GET /v1/computers?internal_ip=48.228.237.163&limit=10&offset=20
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/computers?internal_ip=48.228.237.163&limit=10&offset=20'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3579
x-ratelimit-remaining: 2967
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/computers?internal_ip=48.228.237.163&limit=10&offset=20",
      "prev": "https://api.apjc.amp.cisco.com/v1/computers?internal_ip=48.228.237.163&limit=10&offset=0"
    },
    "results": {
      "total": 1,
      "current_item_count": 0,
      "index": 20,
      "items_per_page": 10
    }
  },
  "data": [

  ]
}

Fetch list of computers filtered by external_ip

Request

Requires Authorization
GET /v1/computers?external_ip=87.18.29.150&limit=10&offset=20
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/computers?external_ip=87.18.29.150&limit=10&offset=20'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3578
x-ratelimit-remaining: 2966
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/computers?external_ip=87.18.29.150&limit=10&offset=20",
      "prev": "https://api.apjc.amp.cisco.com/v1/computers?external_ip=87.18.29.150&limit=10&offset=0"
    },
    "results": {
      "total": 1,
      "current_item_count": 0,
      "index": 20,
      "items_per_page": 10
    }
  },
  "data": [

  ]
}

Fetch list of computers filtered by group_guid

Request

Requires Authorization
GET /v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=20
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=20'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3578
x-ratelimit-remaining: 2965
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=20",
      "prev": "https://api.apjc.amp.cisco.com/v1/computers?group_guid%5B%5D=68665863-74d5-4bc1-ac7f-5477b2b6406e&limit=10&offset=0"
    },
    "results": {
      "total": 7,
      "current_item_count": 0,
      "index": 20,
      "items_per_page": 10
    }
  },
  "data": [

  ]
}