Cisco AMP for Endpoints API

GET /v1/forensic_snapshots

Description

Provides a list of available forensic snapshots for the business. It can be restricted to only return snapshots for a specific computer if the connector_guid parameter is used. To retrieve the details of one snapshot use the data.url value from the response.

Name Type Example Values Description
limit Integer 10
offset Integer 0
connector_guid GUID 3efa64c9-3ded-45c0-b320-5d017952906b

Show Response Fields

Name Type Description
version String
metadata.links.self String
metadata.results.total Integer
metadata.results.current_item_count Integer
metadata.results.index Integer
metadata.results.items_per_page Integer
data Array
data[].connector_guid GUID
data[].user_email String
data[].url String
data[].triggered_by String
Write
Preview

Examples

Fetch list of available forensic snapshots
Fetch list of available forensic snapshots filtered by connector_guid
Fetch the details of a specific forensic snapshot

Fetch list of available forensic snapshots

Request

Requires Authorization
GET /v1/forensic_snapshots?limit=10
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.eu.amp.cisco.com/v1/forensic_snapshots?limit=10'

Response

Shortened for readability

content-type: application/json; charset=utf-8
transfer-encoding: chunked
status: 200 OK
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"ef946c8b00243773f92d60754fa2096c"
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/forensic_snapshots?limit=10"
    },
    "results": {
      "total": 0,
      "current_item_count": 0,
      "index": 0,
      "items_per_page": 10
    }
  },
  "data": [

  ]
}

Fetch list of available forensic snapshots filtered by connector_guid

Request

Requires Authorization
GET /v1/forensic_snapshots?limit=1
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.eu.amp.cisco.com/v1/forensic_snapshots?limit=1'

Response

Shortened for readability

content-type: application/json; charset=utf-8
transfer-encoding: chunked
status: 200 OK
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"7a925f6248e2026077a62f8a86853ac8"
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/forensic_snapshots?limit=1"
    },
    "results": {
      "total": 0,
      "current_item_count": 0,
      "index": 0,
      "items_per_page": 1
    }
  },
  "data": [

  ]
}

Fetch the details of a specific forensic snapshot

Request

Requires Authorization
GET /v1/forensic_snapshots?limit=1
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.eu.amp.cisco.com/v1/forensic_snapshots?limit=1'

Response

Shortened for readability

content-type: application/json; charset=utf-8
transfer-encoding: chunked
status: 200 OK
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"7a925f6248e2026077a62f8a86853ac8"
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/forensic_snapshots?limit=1"
    },
    "results": {
      "total": 0,
      "current_item_count": 0,
      "index": 0,
      "items_per_page": 1
    }
  },
  "data": [

  ]
}