GET /v1/vulnerabilities
Description
This is a general query interface for vulnerabilities. This is analogous to the Vulnerable Software view on the AMP for Endpoints Console.
The list can be filtered to show only the vulnerable programs detected for a specific time range. For example: with the query string: start_time=2019-05-15&end_time=2019-05-20, it will return any vulnerable applications observed during the period 2019-05-15 - 2019-05-20.
start_time, end_time params accepts date and time expressed according to ISO 8601.
The list item contains a summary of information on the vulnerability, including:
application name and version
SHA-256 value for the executable file
Connectors on which the vulnerable application was observed
the most recent CVSS score
IMPORTANT! computers key returns information about the last 1000 Connectors on which the vulnerable application was observed.
Query Parameters
| Name | Type | Example Values | Description |
|---|---|---|---|
start_time |
String (Time ISO8601) | 2019-05-09T08:15:49+00:00, 2019-05-09 | Inclusive (The list will include vulnerable programs detected at start_time) |
end_time |
String (Time ISO8601) | 2019-05-16T08:15:49+00:00, 2019-05-16 | Exclusive - if end_time is a time (The list will only include vulnerable programs detected before end_time); Inclusive - if end_time is a date (The list will include vulnerable programs detected on the date) |
offset |
Integer | 10 | |
limit |
Integer | 10 | |
group_guid[] |
GUID | 68665863-74d5-4bc1-ac7f-5477b2b6406e |
| Name | Type | Description |
|---|---|---|
| version | String | |
| metadata.links.self | String | |
| metadata.links.prev | String | |
| metadata.results.total | Integer | |
| metadata.results.current_item_count | Integer | |
| metadata.results.index | Integer | |
| metadata.results.items_per_page | Integer | |
| data | Array |
Examples
- Fetch list of vulnerabilities
- Fetch list of vulnerabilities filtered by time range
- Fetch list of vulnerabilities filtered by date range
- Fetch list of vulnerabilities filtered by group_guid
Fetch list of vulnerabilities
Request
Requires AuthorizationGET /v1/vulnerabilities?offset=0&limit=5
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/vulnerabilities?offset=0&limit=5'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.apjc.amp.cisco.com/v1/vulnerabilities?offset=0&limit=5'
Shortened for readability
content-type: application/json transfer-encoding: chunked status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 868 strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000 referrer-policy: strict-origin-when-cross-origin x-ratelimit-remaining: 2773 x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"544d75b1556fe11ef08f46ff5701b94f" x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2022-03-18T11:55:11Z
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?offset=0&limit=5",
"next": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?limit=5&offset=5"
},
"results": {
"total": 8,
"current_item_count": 5,
"index": 0,
"items_per_page": 5
}
},
"data": [
{
"application": "Mozilla Firefox",
"version": "41.0",
"file": {
"filename": "firefox.exe",
"identity": {
"sha256": "4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F"
}
},
"cves": [
{
"id": "CVE-2015-7204",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204",
"cvss": 6.8
}
],
"latest_timestamp": 1647598800,
"latest_date": "2022-03-18T10:20:00+00:00",
"groups": [
{
"name": "Protect",
"description": "Protect Group for FireAMP API Docs",
"guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
],
"computers_total_count": 1,
"computers": [
{
"connector_guid": "8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
"hostname": "Demo_AMP_Exploit_Prevention",
"windows_processor_id": "30f6257891edb4a",
"active": true,
"links": {
"computer": "https://api.apjc.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
"trajectory": "https://api.apjc.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c/trajectory",
"group": "https://api.apjc.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
}
]
},
{
"application": "Adobe Flash Player",
"version": "11.5.502.146",
"file": {
"filename": "FlashPlayerApp.exe",
"identity": {
"sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
}
},
"cves": [
{
"id": "CVE-2013-3333",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
"cvss": 10
},
{
"id": "CVE-2014-0502",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
"cvss": 10
}
],
"latest_timestamp": 1647597949,
"latest_date": "2022-03-18T10:05:49+00:00",
"groups": [
{
"name": "Audit",
"description": "Audit Group for FireAMP API Docs",
"guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a"
}
],
"computers_total_count": 1,
"computers": [
{
"connector_guid": "8571ee01-fecb-4472-b583-27a9b3a8751f",
"hostname": "Demo_ZAccess",
"windows_processor_id": "0b8671ea9234d5f",
"active": true,
"links": {
"computer": "https://api.apjc.amp.cisco.com/v1/computers/8571ee01-fecb-4472-b583-27a9b3a8751f",
"trajectory": "https://api.apjc.amp.cisco.com/v1/computers/8571ee01-fecb-4472-b583-27a9b3a8751f/trajectory",
"group": "https://api.apjc.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
}
}
]
}
]
}
Fetch list of vulnerabilities filtered by time range
Request
Requires AuthorizationGET /v1/vulnerabilities?start_time=2022-03-11T10%3A20%3A00%2B00%3A00&end_time=2022-03-18T11%3A20%3A00%2B00%3A00&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2022-03-11T10%3A20%3A00%2B00%3A00&end_time=2022-03-18T11%3A20%3A00%2B00%3A00&offset=0&limit=5'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2022-03-11T10%3A20%3A00%2B00%3A00&end_time=2022-03-18T11%3A20%3A00%2B00%3A00&offset=0&limit=5'
Shortened for readability
content-type: application/json transfer-encoding: chunked status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 868 strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000 referrer-policy: strict-origin-when-cross-origin x-ratelimit-remaining: 2772 x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"1f731b81d478214b61398413909e86ca" x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2022-03-18T11:55:11Z
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2022-03-11T10%3A20%3A00%2B00%3A00&end_time=2022-03-18T11%3A20%3A00%2B00%3A00&offset=0&limit=5"
},
"results": {
"total": 5,
"current_item_count": 5,
"index": 0,
"items_per_page": 5
}
},
"data": [
{
"application": "Mozilla Firefox",
"version": "41.0",
"file": {
"filename": "firefox.exe",
"identity": {
"sha256": "4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F"
}
},
"cves": [
{
"id": "CVE-2015-7204",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204",
"cvss": 6.8
}
],
"latest_timestamp": 1647598800,
"latest_date": "2022-03-18T10:20:00+00:00",
"groups": [
{
"name": "Protect",
"description": "Protect Group for FireAMP API Docs",
"guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
],
"computers_total_count": 1,
"computers": [
{
"connector_guid": "8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
"hostname": "Demo_AMP_Exploit_Prevention",
"windows_processor_id": "30f6257891edb4a",
"active": true,
"links": {
"computer": "https://api.apjc.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
"trajectory": "https://api.apjc.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c/trajectory",
"group": "https://api.apjc.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
}
]
},
{
"application": "Adobe Flash Player",
"version": "11.5.502.146",
"file": {
"filename": "FlashPlayerApp.exe",
"identity": {
"sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
}
},
"cves": [
{
"id": "CVE-2013-3333",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
"cvss": 10
},
{
"id": "CVE-2014-0502",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
"cvss": 10
}
],
"latest_timestamp": 1647597949,
"latest_date": "2022-03-18T10:05:49+00:00",
"groups": [
{
"name": "Audit",
"description": "Audit Group for FireAMP API Docs",
"guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a"
}
],
"computers_total_count": 1,
"computers": [
{
"connector_guid": "8571ee01-fecb-4472-b583-27a9b3a8751f",
"hostname": "Demo_ZAccess",
"windows_processor_id": "0b8671ea9234d5f",
"active": true,
"links": {
"computer": "https://api.apjc.amp.cisco.com/v1/computers/8571ee01-fecb-4472-b583-27a9b3a8751f",
"trajectory": "https://api.apjc.amp.cisco.com/v1/computers/8571ee01-fecb-4472-b583-27a9b3a8751f/trajectory",
"group": "https://api.apjc.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
}
}
]
}
]
}
Fetch list of vulnerabilities filtered by date range
Request
Requires AuthorizationGET /v1/vulnerabilities?start_time=2022-03-11&end_time=2022-03-18&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2022-03-11&end_time=2022-03-18&offset=0&limit=5'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2022-03-11&end_time=2022-03-18&offset=0&limit=5'
Shortened for readability
content-type: application/json transfer-encoding: chunked status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 867 strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000 referrer-policy: strict-origin-when-cross-origin x-ratelimit-remaining: 2771 x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"f15dc5bfb9cb51d0a1793240d86a3271" x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2022-03-18T11:55:11Z
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2022-03-11&end_time=2022-03-18&offset=0&limit=5"
},
"results": {
"total": 5,
"current_item_count": 5,
"index": 0,
"items_per_page": 5
}
},
"data": [
{
"application": "Mozilla Firefox",
"version": "41.0",
"file": {
"filename": "firefox.exe",
"identity": {
"sha256": "4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F"
}
},
"cves": [
{
"id": "CVE-2015-7204",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204",
"cvss": 6.8
}
],
"latest_timestamp": 1647598800,
"latest_date": "2022-03-18T10:20:00+00:00",
"groups": [
{
"name": "Protect",
"description": "Protect Group for FireAMP API Docs",
"guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
],
"computers_total_count": 1,
"computers": [
{
"connector_guid": "8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
"hostname": "Demo_AMP_Exploit_Prevention",
"windows_processor_id": "30f6257891edb4a",
"active": true,
"links": {
"computer": "https://api.apjc.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
"trajectory": "https://api.apjc.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c/trajectory",
"group": "https://api.apjc.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
}
]
},
{
"application": "Adobe Flash Player",
"version": "11.5.502.146",
"file": {
"filename": "FlashPlayerApp.exe",
"identity": {
"sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
}
},
"cves": [
{
"id": "CVE-2013-3333",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
"cvss": 10
},
{
"id": "CVE-2014-0502",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
"cvss": 10
}
],
"latest_timestamp": 1647597949,
"latest_date": "2022-03-18T10:05:49+00:00",
"groups": [
{
"name": "Audit",
"description": "Audit Group for FireAMP API Docs",
"guid": "b077d6bc-bbdf-42f7-8838-a06053fbd98a"
}
],
"computers_total_count": 1,
"computers": [
{
"connector_guid": "8571ee01-fecb-4472-b583-27a9b3a8751f",
"hostname": "Demo_ZAccess",
"windows_processor_id": "0b8671ea9234d5f",
"active": true,
"links": {
"computer": "https://api.apjc.amp.cisco.com/v1/computers/8571ee01-fecb-4472-b583-27a9b3a8751f",
"trajectory": "https://api.apjc.amp.cisco.com/v1/computers/8571ee01-fecb-4472-b583-27a9b3a8751f/trajectory",
"group": "https://api.apjc.amp.cisco.com/v1/groups/b077d6bc-bbdf-42f7-8838-a06053fbd98a"
}
}
]
}
]
}
Fetch list of vulnerabilities filtered by group_guid
Request
Requires AuthorizationGET /v1/vulnerabilities?group_guid%5B%5D=b3ec6a58-20df-4504-b427-be2b8f922de5&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
accept-encoding: identity
authorization: Basic FILTERED
cURL Edit, then copy and paste on your terminal
curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'accept-encoding: identity' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/vulnerabilities?group_guid%5B%5D=b3ec6a58-20df-4504-b427-be2b8f922de5&offset=0&limit=5'
Response
cURL Edit, then copy and paste on your terminal
curl -X GET \ -H 'accept: application/json' \ -H 'content-type: application/json' \ -H 'accept-encoding: identity' \ --compressed -H 'Accept-Encoding: gzip, deflate' \ -u YOUR_API_CLIENT_ID \ 'https://api.apjc.amp.cisco.com/v1/vulnerabilities?group_guid%5B%5D=b3ec6a58-20df-4504-b427-be2b8f922de5&offset=0&limit=5'
Shortened for readability
content-type: application/json transfer-encoding: chunked status: 200 OK x-ratelimit-limit: 3000 x-ratelimit-reset: 867 strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000 referrer-policy: strict-origin-when-cross-origin x-ratelimit-remaining: 2770 x-permitted-cross-domain-policies: none x-download-options: noopen etag: W/"db2d52ecb9fdfc6e946e5e04f74163bf" x-frame-options: SAMEORIGIN x-ratelimit-resetdate: 2022-03-18T11:55:11Z
{
"version": "v1.2.0",
"metadata": {
"links": {
"self": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?group_guid%5B%5D=b3ec6a58-20df-4504-b427-be2b8f922de5&offset=0&limit=5"
},
"results": {
"total": 1,
"current_item_count": 1,
"index": 0,
"items_per_page": 5
}
},
"data": [
{
"application": "Mozilla Firefox",
"version": "41.0",
"file": {
"filename": "firefox.exe",
"identity": {
"sha256": "4312CDB2EAD8FD8D2DD6D8D716F3B6E9717B3D7167A2A0495E4391312102170F"
}
},
"cves": [
{
"id": "CVE-2015-7204",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204",
"cvss": 6.8
}
],
"latest_timestamp": 1647598800,
"latest_date": "2022-03-18T10:20:00+00:00",
"groups": [
{
"name": "Protect",
"description": "Protect Group for FireAMP API Docs",
"guid": "6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
],
"computers_total_count": 1,
"computers": [
{
"connector_guid": "8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
"hostname": "Demo_AMP_Exploit_Prevention",
"windows_processor_id": "30f6257891edb4a",
"active": true,
"links": {
"computer": "https://api.apjc.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c",
"trajectory": "https://api.apjc.amp.cisco.com/v1/computers/8ebeb060-465f-41a7-b7d0-b4490d8cc08c/trajectory",
"group": "https://api.apjc.amp.cisco.com/v1/groups/6c3c2005-4c74-4ba7-8dbb-c4d5b6bafe03"
}
}
]
}
]
}