Cisco AMP for Endpoints API

GET /v1/indicators/{:indicator_guid}


Shows information about a specific indicator.

Response Fields

Name                                     Type     Description
version                                  String
metadata.links.self                      String   String
data.description                         String
data.guid                                GUID
data.severity                            String
data.mitre.tactics                       Array
data.mitre.tactics[].external_id         String
data.mitre.tactics[].name                String
data.mitre.tactics[].mitre_url           String
data.mitre.techniques                    Array
data.mitre.techniques[].external_id      String
data.mitre.techniques[].name             String
data.mitre.techniques[].mitre_url        String
data.observed_compromises.unresolved     Integer
data.observed_compromises.in_progress    Integer
data.observed_compromises.resolved       Integer


Fetch indicator with given indicator_guid

Requires Authorization
GET /v1/indicators/299952c7-0836-4e0c-9ef2-4d0573185c7b
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED

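cURL: edit, then copy and paste into your terminal. <api-host> and <credentials> are placeholders; this page does not show the API host or the credential value.

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
-H 'authorization: Basic <credentials>' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
'https://<api-host>/v1/indicators/299952c7-0836-4e0c-9ef2-4d0573185c7b'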


Shortened for readability

content-type: application/json
transfer-encoding: chunked
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3561
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-ratelimit-remaining: 2900
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"ae85a6f06776872f0ef1d06c5ddbae2c"
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2021-12-01T23:36:58Z

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": ""
    }
  },
  "data": {
    "name": "Crossrider.ioc",
    "description": "Crossrider is a an Adware variant that targets Mac with the intent of displaying ads. It also changes the default home page of Safari and Chrome browsers.",
    "guid": "299952c7-0836-4e0c-9ef2-4d0573185c7b",
    "severity": "Medium",
    "mitre": {
      "tactics": [
        {
          "external_id": "TA0040",
          "name": "Impact",
          "mitre_url": ""
        }
      ],
      "techniques": [
        {
          "external_id": "T1565.003",
          "name": "Runtime Data Manipulation",
          "mitre_url": ""
        }
      ]
    },
    "observed_compromises": {
      "unresolved": 0,
      "in_progress": 0,
      "resolved": 0
    }
  }
}
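
Client-side handling of this endpoint, as an added example that is not part of the Cisco documentation: it validates the GUID before building the request path, reduces the response to the documented fields used for triage, and reads the rate-limit headers. The function names and the reserve threshold are hypothetical, the sample data is constructed from the response above, and x-ratelimit-reset is assumed to be seconds until the limit resets.

```python
import json
import uuid

# Constructed sample: values copied from the example response on this page.
SAMPLE_HEADERS = {"x-ratelimit-limit": "3000", "x-ratelimit-remaining": "2900",
                  "x-ratelimit-reset": "3561"}
SAMPLE_BODY = json.dumps({
    "version": "v1.2.0",
    "data": {
        "name": "Crossrider.ioc",
        "guid": "299952c7-0836-4e0c-9ef2-4d0573185c7b",
        "severity": "Medium",
        "mitre": {
            "tactics": [{"external_id": "TA0040", "name": "Impact"}],
            "techniques": [{"external_id": "T1565.003",
                            "name": "Runtime Data Manipulation"}],
        },
        "observed_compromises": {"unresolved": 0, "in_progress": 0, "resolved": 0},
    },
})

def indicator_path(guid):
    """Build the request path; reject anything that is not a canonical GUID."""
    canonical = str(uuid.UUID(guid))  # ValueError on malformed input
    if canonical != guid.lower():     # refuse braces, urn: prefixes, missing hyphens
        raise ValueError(f"not a canonical GUID: {guid!r}")
    return f"/v1/indicators/{canonical}"

def summarize(body):
    """Reduce a response body to the fields used for triage."""
    data = json.loads(body)["data"]
    mitre = data.get("mitre", {})
    seen = data.get("observed_compromises", {})
    return {
        "guid": data["guid"],
        "name": data.get("name"),
        "severity": data.get("severity"),
        "tactics": [t["external_id"] for t in mitre.get("tactics", [])],
        "techniques": [t["external_id"] for t in mitre.get("techniques", [])],
        "open_compromises": seen.get("unresolved", 0) + seen.get("in_progress", 0),
    }

def seconds_to_wait(headers, reserve=100):
    """Return 0 while request budget remains, else the reset interval."""
    h = {k.lower(): v for k, v in headers.items()}
    remaining = int(h.get("x-ratelimit-remaining", 0))
    reset = int(h.get("x-ratelimit-reset", 0))  # assumed: seconds until reset
    return 0 if remaining > reserve else reset
```

Rejecting non-canonical GUIDs keeps untrusted input (for example an indicator ID taken from an alert or ticket) from altering the request path.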