Cisco AMP for Endpoints API

GET /v1/vulnerabilities

Description

This is a general query interface for vulnerabilities. This is analogous to the Vulnerable Software view on the AMP for Endpoints Console.

The list can be filtered to show only the vulnerable programs detected for a specific time range. For example: with the query string: start_time=2019-05-15&end_time=2019-05-20, it will return any vulnerable applications observed during the period 2019-05-15 - 2019-05-20.

start_time, end_time params accepts date and time expressed according to ISO 8601.

The list item contains a summary of information on the vulnerability, including:

application name and version
SHA-256 value for the executable file
Connectors on which the vulnerable application was observed
the most recent CVSS score

IMPORTANT! computers key returns information about the last 1000 Connectors on which the vulnerable application was observed.

Query Parameters

Name	Type	Example Values	Description
`start_time`	String (Time ISO8601)	2019-05-09T08:15:49+00:00, 2019-05-09	Inclusive (The list will include vulnerable programs detected at start_time)
`end_time`	String (Time ISO8601)	2019-05-16T08:15:49+00:00, 2019-05-16	Exclusive - if end_time is a time (The list will only include vulnerable programs detected before end_time); Inclusive - if end_time is a date (The list will include vulnerable programs detected on the date)
`offset`	Integer	10
`limit`	Integer	10
`group_guid[]`	GUID	68665863-74d5-4bc1-ac7f-5477b2b6406e

Show Response Fields

Name	Type	Description
version	String
metadata.links.self	String
metadata.links.prev	String
metadata.results.total	Integer
metadata.results.current_item_count	Integer
metadata.results.index	Integer
metadata.results.items_per_page	Integer
data	Array

Write

Preview

Describe this action in markdown

This is a general query interface for vulnerabilities. This is analogous to the Vulnerable Software view on the AMP for Endpoints Console.

The list can be filtered to show only the vulnerable programs detected for a specific time range. For example: with the query string: `start_time=2019-05-15&end_time=2019-05-20`, it will return any vulnerable applications observed during the period 2019-05-15 - 2019-05-20.

`start_time`, `end_time` params accepts date and time expressed according to ISO 8601.

The list item contains a summary of information on the vulnerability, including:

- application name and version

- SHA-256 value for the executable file

- Connectors on which the vulnerable application was observed

- the most recent CVSS score

**IMPORTANT!** `computers` key returns information about the last 1000 Connectors on which the vulnerable application was observed.

### Query Parameters

|Name|Type|Example Values|Description|
|----|----|----|----|
|`start_time`|String (Time ISO8601)|2019-05-09T08:15:49+00:00, 2019-05-09|Inclusive (The list will include vulnerable programs detected at start_time)|
|`end_time`|String (Time ISO8601)|2019-05-16T08:15:49+00:00, 2019-05-16|Exclusive - if end_time is a time (The list will only include vulnerable programs detected before end_time); Inclusive - if end_time is a date (The list will include vulnerable programs detected on the date)|
|`offset`|Integer|10||
|`limit`|Integer|10||
|`group_guid[]`|GUID|68665863-74d5-4bc1-ac7f-5477b2b6406e||
[Show Response Fields](response-fields)

|Name|Type|Description|
|---|---|---|
|version|String||
|metadata.links.self|String||
|metadata.links.prev|String||
|metadata.results.total|Integer||
|metadata.results.current_item_count|Integer||
|metadata.results.index|Integer||
|metadata.results.items_per_page|Integer||
|data|Array||

Auto Generate

Examples

Fetch list of vulnerabilities

Fetch list of vulnerabilities filtered by time range

Fetch list of vulnerabilities filtered by date range

Fetch list of vulnerabilities filtered by group_guid

Fetch list of vulnerabilities

Request

Requires Authorization

GET /v1/vulnerabilities?offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/vulnerabilities?offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3524
x-ratelimit-remaining: 2894
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?offset=0&limit=5"
    },
    "results": {
      "total": 3,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "application": "Adobe Flash Player",
      "version": "11.5.502.146",
      "file": {
        "filename": "FlashPlayerApp.exe",
        "identity": {
          "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-3333",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
          "cvss": 10
        },
        {
          "id": "CVE-2014-0502",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1582218349,
      "latest_date": "2020-02-20T17:05:49+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "windows_processor_id": "df982a105b4e367",
          "active": true,
          "links": {
            "computer": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    },
    {
      "application": "Oracle Java(TM) Platform SE",
      "version": "1.7.0:update_10",
      "file": {
        "filename": "java.exe",
        "identity": {
          "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-5830",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
          "cvss": 10
        },
        {
          "id": "CVE-2013-5843",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1582218305,
      "latest_date": "2020-02-20T17:05:05+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "windows_processor_id": "df982a105b4e367",
          "active": true,
          "links": {
            "computer": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    }
  ]
}

Fetch list of vulnerabilities filtered by time range

Request

Requires Authorization

GET /v1/vulnerabilities?start_time=2020-02-13T17%3A05%3A49%2B00%3A00&end_time=2020-02-20T18%3A05%3A49%2B00%3A00&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2020-02-13T17%3A05%3A49%2B00%3A00&end_time=2020-02-20T18%3A05%3A49%2B00%3A00&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3523
x-ratelimit-remaining: 2893
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2020-02-13T17%3A05%3A49%2B00%3A00&end_time=2020-02-20T18%3A05%3A49%2B00%3A00&offset=0&limit=5"
    },
    "results": {
      "total": 3,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "application": "Adobe Flash Player",
      "version": "11.5.502.146",
      "file": {
        "filename": "FlashPlayerApp.exe",
        "identity": {
          "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-3333",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
          "cvss": 10
        },
        {
          "id": "CVE-2014-0502",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1582218349,
      "latest_date": "2020-02-20T17:05:49+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "windows_processor_id": "df982a105b4e367",
          "active": true,
          "links": {
            "computer": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    },
    {
      "application": "Oracle Java(TM) Platform SE",
      "version": "1.7.0:update_10",
      "file": {
        "filename": "java.exe",
        "identity": {
          "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-5830",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
          "cvss": 10
        },
        {
          "id": "CVE-2013-5843",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1582218305,
      "latest_date": "2020-02-20T17:05:05+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "windows_processor_id": "df982a105b4e367",
          "active": true,
          "links": {
            "computer": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    }
  ]
}

Fetch list of vulnerabilities filtered by date range

Request

Requires Authorization

GET /v1/vulnerabilities?start_time=2020-02-13&end_time=2020-02-20&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2020-02-13&end_time=2020-02-20&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3523
x-ratelimit-remaining: 2892
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?start_time=2020-02-13&end_time=2020-02-20&offset=0&limit=5"
    },
    "results": {
      "total": 3,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "application": "Adobe Flash Player",
      "version": "11.5.502.146",
      "file": {
        "filename": "FlashPlayerApp.exe",
        "identity": {
          "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-3333",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
          "cvss": 10
        },
        {
          "id": "CVE-2014-0502",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1582218349,
      "latest_date": "2020-02-20T17:05:49+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "windows_processor_id": "df982a105b4e367",
          "active": true,
          "links": {
            "computer": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    },
    {
      "application": "Oracle Java(TM) Platform SE",
      "version": "1.7.0:update_10",
      "file": {
        "filename": "java.exe",
        "identity": {
          "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-5830",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
          "cvss": 10
        },
        {
          "id": "CVE-2013-5843",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1582218305,
      "latest_date": "2020-02-20T17:05:05+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "windows_processor_id": "df982a105b4e367",
          "active": true,
          "links": {
            "computer": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    }
  ]
}

Fetch list of vulnerabilities filtered by group_guid

Request

Requires Authorization

GET /v1/vulnerabilities?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5

Headers

accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.apjc.amp.cisco.com/v1/vulnerabilities?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3522
x-ratelimit-remaining: 2891
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2020-02-20T19:42:33Z
transfer-encoding: chunked

{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.apjc.amp.cisco.com/v1/vulnerabilities?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5"
    },
    "results": {
      "total": 2,
      "current_item_count": 2,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "application": "Adobe Flash Player",
      "version": "11.5.502.146",
      "file": {
        "filename": "FlashPlayerApp.exe",
        "identity": {
          "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-3333",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
          "cvss": 10
        },
        {
          "id": "CVE-2014-0502",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1582218349,
      "latest_date": "2020-02-20T17:05:49+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "windows_processor_id": "df982a105b4e367",
          "active": true,
          "links": {
            "computer": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    },
    {
      "application": "Oracle Java(TM) Platform SE",
      "version": "1.7.0:update_10",
      "file": {
        "filename": "java.exe",
        "identity": {
          "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-5830",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
          "cvss": 10
        },
        {
          "id": "CVE-2013-5843",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1582218305,
      "latest_date": "2020-02-20T17:05:05+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "windows_processor_id": "df982a105b4e367",
          "active": true,
          "links": {
            "computer": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.apjc.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.apjc.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    }
  ]
}