Cisco AMP for Endpoints API

GET /v1/vulnerabilities/{:sha256}/computers

Description

Provides a list of computers on which the vulnerability has been observed with given SHA-256.

The list can be filtered to show only the vulnerable computers observed for a specific time range. For example, the query string: start_time=2019-05-15&end_time=2019-05-20, will return any vulnerable computers observed during the period from 2019-05-15 to 2019-05-20.

The start_time and end_time parameters accept date and time expressed according to ISO 8601.

Query Parameters

Name Type Example Values Description
start_time Date 2019-05-22, 2019-05-22T07:05:49+00:00
end_time Date 2019-05-26, 2019-05-26T07:05:49+00:00
offset Integer 0
limit Integer 5
group_guid[] GUID 68665863-74d5-4bc1-ac7f-5477b2b6406e

Show Response Fields

Name Type Description
version String
metadata.links.self String
metadata.results.total Integer
metadata.results.current_item_count Integer
metadata.results.index Integer
metadata.results.items_per_page Integer
data Array
data[].connector_guid GUID
data[].hostname String
data[].active Boolean
data[].links.computer String
data[].links.trajectory String
data[].links.group String
data[].group_guid GUID
Write
Preview
Auto Generate

Examples

Fetch computers on which a specific vulnerability has been observed with given SHA-256
Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter...
Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter...
Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter...

Fetch computers on which a specific vulnerability has been observed with given SHA-256

Request

Requires Authorization 
GET /v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?offset=0&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?offset=0&limit=5'

Response

Shortened for readability 

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3506
x-ratelimit-remaining: 2742
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-01T18:03:14Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
      "hostname": "Demo_ZAccess",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
        "trajectory": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
    }
  ]
}

Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter by time range

Request

Requires Authorization 
GET /v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?start_time=2019-10-25T16%3A05%3A49%2B00%3A00&end_time=2019-11-01T17%3A05%3A49%2B00%3A00&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?start_time=2019-10-25T16%3A05%3A49%2B00%3A00&end_time=2019-11-01T17%3A05%3A49%2B00%3A00&offset=0&limit=5'

Response

Shortened for readability 

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3505
x-ratelimit-remaining: 2730
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-01T18:03:14Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?start_time=2019-10-25T16%3A05%3A49%2B00%3A00&end_time=2019-11-01T17%3A05%3A49%2B00%3A00&offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
      "hostname": "Demo_ZAccess",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
        "trajectory": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
    }
  ]
}

Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter by date range

Request

Requires Authorization 
GET /v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?start_time=2019-10-25&end_time=2019-11-01&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?start_time=2019-10-25&end_time=2019-11-01&offset=0&limit=5'

Response

Shortened for readability 

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3502
x-ratelimit-remaining: 2718
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-01T18:03:14Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?start_time=2019-10-25&end_time=2019-11-01&offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
      "hostname": "Demo_ZAccess",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
        "trajectory": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
    }
  ]
}

Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter by group_guid

Request

Requires Authorization 
GET /v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5'

Response

Shortened for readability 

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3501
x-ratelimit-remaining: 2706
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-01T18:03:14Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/vulnerabilities/c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b/computers?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
      "hostname": "Demo_ZAccess",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
        "trajectory": "https://api.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
      },
      "group_guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
    }
  ]
}