Cisco AMP for Endpoints API

GET /v1/vulnerabilities

Description

This is a general query interface for vulnerabilities. This is analogous to the Vulnerable Software view on the AMP for Endpoints Console.

The list can be filtered to show only the vulnerable programs detected for a specific time range. For example: with the query string: start_time=2019-05-15&end_time=2019-05-20, it will return any vulnerable applications observed during the period 2019-05-15 - 2019-05-20.

start_time, end_time params accepts date and time expressed according to ISO 8601.

The list item contains a summary of information on the vulnerability, including:

  • application name and version

  • SHA-256 value for the executable file

  • Connectors on which the vulnerable application was observed

  • the most recent CVSS score

IMPORTANT! computers key returns information about the last 1000 Connectors on which the vulnerable application was observed.

Query Parameters

Name Type Example Values Description
start_time String (Time ISO8601) 2019-05-09T08:15:49+00:00, 2019-05-09 Inclusive (The list will include vulnerable programs detected at start_time)
end_time String (Time ISO8601) 2019-05-16T08:15:49+00:00, 2019-05-16 Exclusive - if end_time is a time (The list will only include vulnerable programs detected before end_time); Inclusive - if end_time is a date (The list will include vulnerable programs detected on the date)
offset Integer 10
limit Integer 10
group_guid[] GUID 68665863-74d5-4bc1-ac7f-5477b2b6406e

Show Response Fields

Name Type Description
version String
metadata.links.self String
metadata.links.prev String
metadata.results.total Integer
metadata.results.current_item_count Integer
metadata.results.index Integer
metadata.results.items_per_page Integer
data Array
Write
Preview

Examples

Fetch list of vulnerabilities
Fetch list of vulnerabilities filtered by time range
Fetch list of vulnerabilities filtered by date range
Fetch list of vulnerabilities filtered by group_guid

Fetch list of vulnerabilities

Request

Requires Authorization
GET /v1/vulnerabilities?offset=0&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.eu.amp.cisco.com/v1/vulnerabilities?offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3529
x-ratelimit-remaining: 2898
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-22T19:40:39Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/vulnerabilities?offset=0&limit=5"
    },
    "results": {
      "total": 5,
      "current_item_count": 5,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "application": "Adobe Flash Player",
      "version": "11.5.502.146",
      "file": {
        "filename": "FlashPlayerApp.exe",
        "identity": {
          "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-3333",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
          "cvss": 10
        },
        {
          "id": "CVE-2014-0502",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1574442349,
      "latest_date": "2019-11-22T17:05:49+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "active": true,
          "links": {
            "computer": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    },
    {
      "application": "Oracle Java(TM) Platform SE",
      "version": "1.7.0:update_10",
      "file": {
        "filename": "java.exe",
        "identity": {
          "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-5830",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
          "cvss": 10
        },
        {
          "id": "CVE-2013-5843",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1574442305,
      "latest_date": "2019-11-22T17:05:05+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "active": true,
          "links": {
            "computer": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    }
  ]
}

Fetch list of vulnerabilities filtered by time range

Request

Requires Authorization
GET /v1/vulnerabilities?start_time=2019-11-15T17%3A05%3A49%2B00%3A00&end_time=2019-11-22T18%3A05%3A49%2B00%3A00&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.eu.amp.cisco.com/v1/vulnerabilities?start_time=2019-11-15T17%3A05%3A49%2B00%3A00&end_time=2019-11-22T18%3A05%3A49%2B00%3A00&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3528
x-ratelimit-remaining: 2897
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-22T19:40:39Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/vulnerabilities?start_time=2019-11-15T17%3A05%3A49%2B00%3A00&end_time=2019-11-22T18%3A05%3A49%2B00%3A00&offset=0&limit=5"
    },
    "results": {
      "total": 3,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "application": "Adobe Flash Player",
      "version": "11.5.502.146",
      "file": {
        "filename": "FlashPlayerApp.exe",
        "identity": {
          "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-3333",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
          "cvss": 10
        },
        {
          "id": "CVE-2014-0502",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1574442349,
      "latest_date": "2019-11-22T17:05:49+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "active": true,
          "links": {
            "computer": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    },
    {
      "application": "Oracle Java(TM) Platform SE",
      "version": "1.7.0:update_10",
      "file": {
        "filename": "java.exe",
        "identity": {
          "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-5830",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
          "cvss": 10
        },
        {
          "id": "CVE-2013-5843",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1574442305,
      "latest_date": "2019-11-22T17:05:05+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "active": true,
          "links": {
            "computer": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    }
  ]
}

Fetch list of vulnerabilities filtered by date range

Request

Requires Authorization
GET /v1/vulnerabilities?start_time=2019-11-15&end_time=2019-11-22&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.eu.amp.cisco.com/v1/vulnerabilities?start_time=2019-11-15&end_time=2019-11-22&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3527
x-ratelimit-remaining: 2896
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-22T19:40:39Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/vulnerabilities?start_time=2019-11-15&end_time=2019-11-22&offset=0&limit=5"
    },
    "results": {
      "total": 3,
      "current_item_count": 3,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "application": "Adobe Flash Player",
      "version": "11.5.502.146",
      "file": {
        "filename": "FlashPlayerApp.exe",
        "identity": {
          "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-3333",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
          "cvss": 10
        },
        {
          "id": "CVE-2014-0502",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1574442349,
      "latest_date": "2019-11-22T17:05:49+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "active": true,
          "links": {
            "computer": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    },
    {
      "application": "Oracle Java(TM) Platform SE",
      "version": "1.7.0:update_10",
      "file": {
        "filename": "java.exe",
        "identity": {
          "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-5830",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
          "cvss": 10
        },
        {
          "id": "CVE-2013-5843",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1574442305,
      "latest_date": "2019-11-22T17:05:05+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "active": true,
          "links": {
            "computer": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    }
  ]
}

Fetch list of vulnerabilities filtered by group_guid

Request

Requires Authorization
GET /v1/vulnerabilities?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5
Headers
accept: application/json
content-type: application/json
authorization: Basic FILTERED

cURL Edit, then copy and paste on your terminal

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
'https://api.eu.amp.cisco.com/v1/vulnerabilities?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5'

Response

Shortened for readability

strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
status: 200 OK
x-ratelimit-limit: 3000
x-ratelimit-reset: 3525
x-ratelimit-remaining: 2895
x-frame-options: SAMEORIGIN
x-ratelimit-resetdate: 2019-11-22T19:40:39Z
transfer-encoding: chunked
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/vulnerabilities?group_guid[]=68665863-74d5-4bc1-ac7f-5477b2b6406e&offset=0&limit=5"
    },
    "results": {
      "total": 2,
      "current_item_count": 2,
      "index": 0,
      "items_per_page": 5
    }
  },
  "data": [
    {
      "application": "Adobe Flash Player",
      "version": "11.5.502.146",
      "file": {
        "filename": "FlashPlayerApp.exe",
        "identity": {
          "sha256": "c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-3333",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333",
          "cvss": 10
        },
        {
          "id": "CVE-2014-0502",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1574442349,
      "latest_date": "2019-11-22T17:05:49+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "active": true,
          "links": {
            "computer": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    },
    {
      "application": "Oracle Java(TM) Platform SE",
      "version": "1.7.0:update_10",
      "file": {
        "filename": "java.exe",
        "identity": {
          "sha256": "0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"
        }
      },
      "cves": [
        {
          "id": "CVE-2013-5830",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830",
          "cvss": 10
        },
        {
          "id": "CVE-2013-5843",
          "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843",
          "cvss": 10
        }
      ],
      "latest_timestamp": 1574442305,
      "latest_date": "2019-11-22T17:05:05+00:00",
      "groups": [
        {
          "name": "Triage",
          "description": "Triage Group for FireAMP API Docs",
          "guid": "68665863-74d5-4bc1-ac7f-5477b2b6406e"
        }
      ],
      "computers_total_count": 1,
      "computers": [
        {
          "connector_guid": "17d71471-805b-4183-9121-3924b8982fac",
          "hostname": "Demo_ZAccess",
          "active": true,
          "links": {
            "computer": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac",
            "trajectory": "https://api.eu.amp.cisco.com/v1/computers/17d71471-805b-4183-9121-3924b8982fac/trajectory",
            "group": "https://api.eu.amp.cisco.com/v1/groups/68665863-74d5-4bc1-ac7f-5477b2b6406e"
          }
        }
      ]
    }
  ]
}