Cisco AMP for Endpoints API

GET /v1/vulnerabilities/{:sha256}/computers

Description

Provides a list of computers on which the vulnerability has been observed with given SHA-256.

The list can be filtered to show only the vulnerable computers observed for a specific time range. For example, the query string: start_time=2019-05-15&end_time=2019-05-20, will return any vulnerable computers observed during the period from 2019-05-15 to 2019-05-20.

The start_time and end_time parameters accept date and time expressed according to ISO 8601.

Query Parameters

Name	Type	Example Values
`start_time`	Date	2019-05-22, 2019-05-22T07:05:49+00:00
`end_time`	Date	2019-05-26, 2019-05-26T07:05:49+00:00
`offset`	Integer	0
`limit`	Integer	5
`group_guid[]`	GUID	68665863-74d5-4bc1-ac7f-5477b2b6406e

Show Response Fields

Name	Type	Description
version	String
metadata.links.self	String
metadata.results.total	Integer
metadata.results.current_item_count	Integer
metadata.results.index	Integer
metadata.results.items_per_page	Integer
data	Array
data[].connector_guid	GUID
data[].hostname	String
data[].active	Boolean
data[].links.computer	String
data[].links.trajectory	String
data[].links.group	String
data[].group_guid	GUID

Write

Preview

Describe this action in markdown

Provides a list of computers on which the vulnerability has been observed with given SHA-256.

The list can be filtered to show only the vulnerable computers observed for a specific time range. For example, the query string: `start_time=2019-05-15&end_time=2019-05-20`, will return any vulnerable computers observed during the period from 2019-05-15 to 2019-05-20.

The `start_time` and `end_time` parameters accept date and time expressed according to ISO 8601.

### Query Parameters

|Name|Type|Example Values|Description|
|----|----|----|----|
|`start_time`|Date|2019-05-22, 2019-05-22T07:05:49+00:00||
|`end_time`|Date|2019-05-26, 2019-05-26T07:05:49+00:00||
|`offset`|Integer|0||
|`limit`|Integer|5||
|`group_guid[]`|GUID|68665863-74d5-4bc1-ac7f-5477b2b6406e||
[Show Response Fields](response-fields)

|Name|Type|Description|
|---|---|---|
|version|String||
|metadata.links.self|String||
|metadata.results.total|Integer||
|metadata.results.current_item_count|Integer||
|metadata.results.index|Integer||
|metadata.results.items_per_page|Integer||
|data|Array||
|data[].connector_guid|GUID||
|data[].hostname|String||
|data[].active|Boolean||
|data[].links.computer|String||
|data[].links.trajectory|String||
|data[].links.group|String||
|data[].group_guid|GUID||

Auto Generate

Examples

Fetch computers on which a specific vulnerability has been observed with given SHA-256

Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter...

Fetch computers on which a specific vulnerability has been observed with given SHA-256

Request

Requires Authorization

GET /v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?offset=0&limit=5

Headers

accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?offset=0&limit=5'

Response

Shortened for readability

content-type: application/json
transfer-encoding: chunked
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 866
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-ratelimit-remaining: 2769
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"f3aa07103e52ca44f85daeb06e696069"
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2022-03-18T11:55:11Z

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
      "hostname": "Demo_AMP_Exploit_Prevention",
      "windows_processor_id": "30f6257891edb4a",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
        "trajectory": "https://api.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
    }
  ]
}

Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter by time range

Request

Requires Authorization

GET /v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?start_time=2022-03-11T10%3A20%3A00%2B00%3A00&end_time=2022-03-18T11%3A20%3A00%2B00%3A00&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?start_time=2022-03-11T10%3A20%3A00%2B00%3A00&end_time=2022-03-18T11%3A20%3A00%2B00%3A00&offset=0&limit=5'

Response

Shortened for readability

content-type: application/json
transfer-encoding: chunked
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 866
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-ratelimit-remaining: 2768
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"8a7ffc3f5fa3a19ee8424f4e6735508d"
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2022-03-18T11:55:11Z

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?start_time=2022-03-11T10%3A20%3A00%2B00%3A00&end_time=2022-03-18T11%3A20%3A00%2B00%3A00&offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
      "hostname": "Demo_AMP_Exploit_Prevention",
      "windows_processor_id": "30f6257891edb4a",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
        "trajectory": "https://api.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
    }
  ]
}

Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter by date range

Request

Requires Authorization

GET /v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?start_time=2022-03-11&end_time=2022-03-18&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?start_time=2022-03-11&end_time=2022-03-18&offset=0&limit=5'

Response

Shortened for readability

content-type: application/json
transfer-encoding: chunked
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 865
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-ratelimit-remaining: 2767
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"82910748fca42b8e512cc7c7344861f9"
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2022-03-18T11:55:11Z

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?start_time=2022-03-11&end_time=2022-03-18&offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
      "hostname": "Demo_AMP_Exploit_Prevention",
      "windows_processor_id": "30f6257891edb4a",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
        "trajectory": "https://api.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
    }
  ]
}

Fetch computers on which a specific vulnerability has been observed with given SHA-256 and filter by group_guid

Request

Requires Authorization

GET /v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?group_guid%5B%5D=b3ec6a58-20df-4504-b427-be2b8f922de5&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.amp.cisco.com/v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?group_guid%5B%5D=b3ec6a58-20df-4504-b427-be2b8f922de5&offset=0&limit=5'

Response

Shortened for readability

content-type: application/json
transfer-encoding: chunked
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 865
strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000
referrer-policy: strict-origin-when-cross-origin
x-ratelimit-remaining: 2766
x-permitted-cross-domain-policies: none
x-download-options: noopen
etag: W/"78cdb423f929610112a12211d0534701"
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2022-03-18T11:55:11Z

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/vulnerabilities/4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F/computers?group_guid%5B%5D=b3ec6a58-20df-4504-b427-be2b8f922de5&offset=0&limit=5"
    },
    "results": {
      "total": 1,
      "current_item_count": 1,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "connector_guid": "8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
      "hostname": "Demo_AMP_Exploit_Prevention",
      "windows_processor_id": "30f6257891edb4a",
      "active": true,
      "links": {
        "computer": "https://api.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
        "trajectory": "https://api.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c/trajectory",
        "group": "https://api.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
      },
      "group_guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
    }
  ]
}