GET /v1/forensic_snapshots
Description
Provides a list of available forensic snapshots for the business. It can be restricted to only return snapshots for a specific computer if the connector_guid parameter is used. To retrieve the details of one snapshot use the data.url value from the response.
| Name | Type | Example Values | Description |
|---|---|---|---|
limit |
Integer | 10 | |
offset |
Integer | 0 | |
connector_guid |
GUID | 3efa64c9-3ded-45c0-b320-5d017952906b |
| Name | Type | Description |
|---|---|---|
| version | String | |
| metadata.links.self | String | |
| metadata.results.total | Integer | |
| metadata.results.current_item_count | Integer | |
| metadata.results.index | Integer | |
| metadata.results.items_per_page | Integer | |
| data | Array | |
| data[].connector_guid | GUID | |
| data[].user_email | String | |
| data[].url | String | |
| data[].triggered_by | String |
Examples
- Fetch list of available forensic snapshots
- Fetch list of available forensic snapshots filtered by connector_guid
- Fetch the details of a specific forensic snapshot
Fetch list of available forensic snapshots
Request
Requires AuthorizationGET /v1/forensic_snapshots?limit=10
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/forensic_snapshots?limit=10'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/forensic_snapshots?limit=10'
Shortened for readability
content-type: application/json; charset=utf-8 transfer-encoding: chunked status: 200 OK referrer-policy: strict-origin-when-cross-origin x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"ef946c8b00243773f92d60754fa2096c" x-frame-options: SAMEORIGIN strict-transport-security: max-age=31536000
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/forensic_snapshots?limit=10"
},
"results": {
"total": 0,
"current_item_count": 0,
"index": 0,
"items_per_page": 10
}
},
"data": [
]
}
Fetch list of available forensic snapshots filtered by connector_guid
Request
Requires AuthorizationGET /v1/forensic_snapshots?limit=1
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/forensic_snapshots?limit=1'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/forensic_snapshots?limit=1'
Shortened for readability
content-type: application/json; charset=utf-8 transfer-encoding: chunked status: 200 OK referrer-policy: strict-origin-when-cross-origin x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"7a925f6248e2026077a62f8a86853ac8" x-frame-options: SAMEORIGIN strict-transport-security: max-age=31536000
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/forensic_snapshots?limit=1"
},
"results": {
"total": 0,
"current_item_count": 0,
"index": 0,
"items_per_page": 1
}
},
"data": [
]
}
Fetch the details of a specific forensic snapshot
Request
Requires AuthorizationGET /v1/forensic_snapshots?limit=1
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/forensic_snapshots?limit=1'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/forensic_snapshots?limit=1'
Shortened for readability
content-type: application/json; charset=utf-8 transfer-encoding: chunked status: 200 OK referrer-policy: strict-origin-when-cross-origin x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"7a925f6248e2026077a62f8a86853ac8" x-frame-options: SAMEORIGIN strict-transport-security: max-age=31536000
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/forensic_snapshots?limit=1"
},
"results": {
"total": 0,
"current_item_count": 0,
"index": 0,
"items_per_page": 1
}
},
"data": [
]
}