GET /v1/indicators/{:indicator_guid}
Description
Shows information about a specific indicator.
| Name | Type | Description |
|---|---|---|
| version | String | |
| metadata.links.self | String | |
| data.name | String | |
| data.description | String | |
| data.guid | GUID | |
| data.severity | String | |
| data.mitre.tactics | Array | |
| data.mitre.tactics[].external_id | String | |
| data.mitre.tactics[].name | String | |
| data.mitre.tactics[].mitre_url | String | |
| data.mitre.techniques | Array | |
| data.mitre.techniques[].external_id | String | |
| data.mitre.techniques[].name | String | |
| data.mitre.techniques[].mitre_url | String | |
| data.observed_compromises.unresolved | Integer | |
| data.observed_compromises.in_progress | Integer | |
| data.observed_compromises.resolved | Integer |
Examples
Fetch indicator with given indicator_guid
Request
Requires AuthorizationGET /v1/indicators/299952c7-0836-4e0c-9ef2-4d0573185c7b
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/indicators/299952c7-0836-4e0c-9ef2-4d0573185c7b'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.amp.cisco.com/v1/indicators/299952c7-0836-4e0c-9ef2-4d0573185c7b'
Shortened for readability
content-type: application/json transfer-encoding: chunked status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 3561 strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000 referrer-policy: strict-origin-when-cross-origin x-ratelimit-remaining: 2900 x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"ae85a6f06776872f0ef1d06c5ddbae2c" x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2021-12-01T23:36:58Z
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.amp.cisco.com/v1/indicators/299952c7-0836-4e0c-9ef2-4d0573185c7b"
}
},
"data": {
"name": "Crossrider.ioc",
"description": "Crossrider is a an Adware variant that targets Mac with the intent of displaying ads. It also changes the default home page of Safari and Chrome browsers.",
"guid": "299952c7-0836-4e0c-9ef2-4d0573185c7b",
"severity": "Medium",
"mitre": {
"tactics": [
{
"external_id": "TA0040",
"name": "Impact",
"mitre_url": "https://attack.mitre.org/tactics/TA0040"
}
],
"techniques": [
{
"external_id": "T1565.003",
"name": "Runtime Data Manipulation",
"mitre_url": "https://attack.mitre.org/techniques/T1565/003"
}
]
},
"observed_compromises": {
"unresolved": 0,
"in_progress": 0,
"resolved": 0
}
}
}