Cisco AMP for Endpoints
The Cisco AMP for Endpoints connector integrates with Swimlane to get computer, get group, and move host to group.

## Prerequisites

The Cisco AMP for Endpoints asset requires an API client ID, API key, and an API URL.

## Capabilities

The Cisco AMP for Endpoints connector has the following capabilities:

- Get Computers
- Get Computer Information
- Get Events
- Get Forensic Snapshots
- Get Forensic Snapshot by ID
- Get Groups
- Isolate Computer
- Move Host to Group
- Unisolate Computer

## API Documentation

For more information, click [here](https://developer.cisco.com/docs/secure-endpoint/#!overview).

## Configurations

### HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| url | AMP for Endpoints API URL | string | Required |
| username | AMP for Endpoints API client ID | string | Required |
| password | AMP for Endpoints API key | string | Required |
| verify_ssl | Verify SSL certificate | boolean | Optional |
| http_proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Computer Information

Shows information about a specific computer.

**Endpoint URL:** `/v1/computers/{{connector_guid}}`

**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| connector_guid | string | Required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| version | string | Output field version |
| metadata | object | Response data |
| links | object | Output field links |
| self | string | Output field self |
| data | object | Response data |
| connector_guid | string | Unique identifier |
| hostname | string | Name of the resource |
| windows_processor_id | string | Unique identifier |
| active | boolean | Output field active |
| links | object | Output field links |
| computer | string | Output field computer |
| trajectory | string | Output field trajectory |
| group | string | Output field group |
| connector_version | string | Output field connector version |
| operating_system | string | Output field operating system |
| os_version | string | Output field os version |
| internal_ips | array | Output field internal ips |
| external_ip | string | Output field external ip |
| group_guid | string | Unique identifier |
| install_date | string | Date value |
| is_compromised | boolean | Output field is compromised |
| demo | boolean | Output field demo |
| csc_id | string | Unique identifier |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "version": "v1.2.0",
      "metadata": {},
      "data": {}
    }
  }
]
```

### Get Computers

Fetch information about a specific computer with given connector GUID.

**Endpoint URL:** `/v1/computers`

**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| last_seen_over | number | Optional | Providing information by last seen over number of days ago |
| last_seen_within | number | Optional | Providing information by last seen within number of days |
| group_guid | string | Optional | Providing information by group GUID |
| external_ip | string | Optional | Providing information by external IP |
| internal_ip | string | Optional | Providing information by internal IP |
| hostname | string | Optional | Providing information by hostname |
| kenna_risk_score | string | Optional | Providing information by Kenna risk score |
| processor_id | string | Optional | Providing information by Windows processor ID or Mac hardware ID |
| limit | number | Optional | To prevent the response from becoming too large, the number of items returned is limited by default to 5000. You can override this value by using the limit query parameter to specify a different number. |
| offset | number | Optional | The number of items to skip before starting to collect the result set |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| version | string | Output field version |
| metadata | object | Response data |
| links | object | Output field links |
| self | string | Output field self |
| results | object | Result of the operation |
| total | number | Output field total |
| current_item_count | number | Count value |
| index | number | Output field index |
| items_per_page | number | Output field items per page |
| data | array | Response data |
| connector_guid | string | Unique identifier |
| hostname | string | Name of the resource |
| windows_processor_id | string | Unique identifier |
| active | boolean | Output field active |
| links | object | Output field links |
| computer | string | Output field computer |
| trajectory | string | Output field trajectory |
| group | string | Output field group |
| connector_version | string | Output field connector version |
| operating_system | string | Output field operating system |
| os_version | string | Output field os version |
| internal_ips | array | Output field internal ips |
| file_name | string | Name of the resource |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "version": "v1.2.0",
      "metadata": {},
      "data": []
    }
  }
]
```

### Get Events

Fetch list of events.

**Endpoint URL:** `/v1/events`

**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| event_type | number | Optional | Type of the resource |
| limit | number | Optional | Parameter for Get Events |
| start_date | string | Optional | Date value |
| offset | number | Optional | Parameter for Get Events |
| detection_sha256 | string | Optional | Parameter for Get Events |
| application_sha256 | string | Optional | Parameter for Get Events |
| group_guid | string | Optional | Unique identifier |
| connector_guid | string | Optional | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| version | string | Output field version |
| metadata | object | Response data |
| links | object | Output field links |
| self | string | Output field self |
| next | string | Output field next |
| results | object | Result of the operation |
| total | number | Output field total |
| current_item_count | number | Count value |
| index | number | Output field index |
| items_per_page | number | Output field items per page |
| data | array | Response data |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "version": "v1.2.0",
      "metadata": {},
      "data": []
    }
  }
]
```

### Get Forensic Snapshot by ID

Returns details for a specific available forensic snapshot. The details are under `data.snapshot`.

**Endpoint URL:** `/v1/forensic_snapshots/{{forensic_snapshot_id}}`

**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| forensic_snapshot_id | string | Required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### Get Forensic Snapshots

Returns details for a specific available forensic snapshot. The details are under `data.snapshot`.

**Endpoint URL:** `/v1/forensic_snapshots`

**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| limit | number | Optional | Parameter for Get Forensic Snapshots |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| version | string | Output field version |
| metadata | object | Response data |
| links | object | Output field links |
| self | string | Output field self |
| results | object | Result of the operation |
| total | number | Output field total |
| current_item_count | number | Count value |
| index | number | Output field index |
| items_per_page | number | Output field items per page |
| data | array | Response data |
| connector_guid | string | Unique identifier |
| user_email | string | Output field user email |
| url | string | URL endpoint for the request |
| triggered_by | string | Output field triggered by |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "version": "v1.2.0",
      "metadata": {},
      "data": []
    }
  }
]
```

### Get Groups

Fetch list of groups filtered by name.

**Endpoint URL:** `/v1/groups`

**Method:** GET

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Optional | Name of the resource |
| limit | number | Optional | To prevent the response from becoming too large, the number of items returned is limited by default to 5000. You can override this value by using the limit query parameter to specify a different number. |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| version | string | Output field version |
| metadata | object | Response data |
| links | object | Output field links |
| self | string | Output field self |
| results | object | Result of the operation |
| total | number | Output field total |
| current_item_count | number | Count value |
| index | number | Output field index |
| items_per_page | number | Output field items per page |
| data | array | Response data |
| name | string | Name of the resource |
| description | string | Output field description |
| guid | string | Unique identifier |
| source | string | Output field source |
| links | object | Output field links |
| group | string | Output field group |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "version": "v1.2.0",
      "metadata": {},
      "data": []
    }
  }
]
```

### Isolate Computer

Request isolation for a computer.

**Endpoint URL:** `/v1/computers/{{connector_guid}}/isolation`

**Method:** PUT

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| connector_guid | string | Required | Unique identifier |
| comment | string | Optional | Parameter for Isolate Computer |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| version | string | Output field version |
| metadata | object | Response data |
| links | object | Output field links |
| self | string | Output field self |
| data | object | Response data |
| available | boolean | Output field available |
| status | string | Status value |
| unlock_code | string | Output field unlock code |
| comment | string | Output field comment |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "version": "v1.2.0",
      "metadata": {},
      "data": {}
    }
  }
]
```

### Move Host to Group

Move host to a specified group.

**Endpoint URL:** `/v1/computers/{{connector_guid}}`

**Method:** PATCH

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| connector_guid | string | Required | Unique identifier |
| group_guid | string | Required | Unique identifier |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| version | string | Output field version |
| metadata | object | Response data |
| links | object | Output field links |
| self | string | Output field self |
| data | object | Response data |
| connector_guid | string | Unique identifier |
| hostname | string | Name of the resource |
| windows_processor_id | string | Unique identifier |
| active | boolean | Output field active |
| links | object | Output field links |
| computer | string | Output field computer |
| trajectory | string | Output field trajectory |
| group | string | Output field group |
| connector_version | string | Output field connector version |
| operating_system | string | Output field operating system |
| os_version | string | Output field os version |
| internal_ips | array | Output field internal ips |
| external_ip | string | Output field external ip |
| group_guid | string | Unique identifier |
| install_date | string | Date value |
| is_compromised | boolean | Output field is compromised |
| demo | boolean | Output field demo |
| csc_id | string | Unique identifier |

**Example**

```json
[
  {
    "status_code": 202,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "version": "v1.2.0",
      "metadata": {},
      "data": {}
    }
  }
]
```

### Unisolate Computer

Stop isolation on a computer.

**Endpoint URL:** `/v1/computers/{{connector_guid}}/isolation`

**Method:** DELETE

**Input**

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| connector_guid | string | Required | Unique identifier |
| comment | string | Optional | Parameter for Unisolate Computer |

**Output**

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| version | string | Output field version |
| metadata | object | Response data |
| links | object | Output field links |
| self | string | Output field self |
| data | object | Response data |
| available | boolean | Output field available |
| status | string | Status value |
| unlock_code | string | Output field unlock code |
| comment | string | Output field comment |

**Example**

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Content-Length": "140",
      "Content-Type": "application/json",
      "Date": "Thu, 09 Nov 2023 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {
      "version": "v1.2.0",
      "metadata": {},
      "data": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 09 Nov 2023 20:37:23 GMT |
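As an added example (not Swimlane's connector code or Cisco's client), the Python sketch below shows how the configuration and actions above map onto requests: HTTP Basic with the API client ID as username and the API key as password, the verify SSL and proxy settings carried along, GUIDs validated before they are interpolated into a URL path, and Get Computers paged with `limit`/`offset` driven by `metadata.results`. The transport is an injected `send` callable with an assumed signature so the logic runs offline and every outbound call can be logged; passing the isolation `comment` as a query parameter and `group_guid` in a JSON body are assumptions, since the page does not say where each goes.

```python
# Thin client for the Cisco AMP for Endpoints v1 actions listed on this page.
# Added example, not Swimlane's or Cisco's code; the HTTP transport is injected
# as a callable so the logic runs offline and every outbound call can be logged.
import re
from base64 import b64encode

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def check_guid(value):
    # Validate before interpolating into the URL path so a bad input
    # cannot change which route is called.
    if not isinstance(value, str) or not GUID_RE.match(value):
        raise ValueError(f"invalid GUID: {value!r}")
    return value


class AmpClient:
    def __init__(self, url, client_id, api_key, send, verify_ssl=True, proxy=None):
        # HTTP Basic: username is the API client ID, password is the API key.
        token = b64encode(f"{client_id}:{api_key}".encode()).decode()
        self.headers = {"Authorization": f"Basic {token}", "Accept": "application/json"}
        self.base, self.send = url.rstrip("/"), send
        self.opts = {"verify_ssl": verify_ssl, "proxy": proxy}

    def _call(self, method, path, params=None, body=None):
        # send(method, url, headers, params, body, opts) -> parsed JSON envelope (assumed signature)
        return self.send(method, self.base + path, self.headers, params or {}, body, self.opts)

    def iter_computers(self, limit=500, **filters):
        # Page through /v1/computers with limit/offset, driven by metadata.results.
        offset = 0
        while True:
            env = self._call("GET", "/v1/computers", {"limit": limit, "offset": offset, **filters})
            yield from env["data"]
            r = env["metadata"]["results"]
            offset = r["index"] + r["current_item_count"]
            if r["current_item_count"] == 0 or offset >= r["total"]:
                return

    def set_isolation(self, connector_guid, isolate, comment=None):
        # PUT starts isolation, DELETE stops it; comment as a query parameter (assumption).
        path = f"/v1/computers/{check_guid(connector_guid)}/isolation"
        return self._call("PUT" if isolate else "DELETE", path, {"comment": comment} if comment else {})["data"]

    def move_to_group(self, connector_guid, group_guid):
        # PATCH with the destination group_guid in the JSON body (assumption).
        path = f"/v1/computers/{check_guid(connector_guid)}"
        return self._call("PATCH", path, body={"group_guid": check_guid(group_guid)})["data"]
```

Whatever real transport you plug in as `send` should honour `opts["verify_ssl"]` and `opts["proxy"]` from the asset configuration and return the parsed `json_body`.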