Configuration parameters
server_url— Server URL (required)credentials— Third Party API Client ID (required)insecure— Trust any certificate (not secure)integrationReliability— Source Reliability (required)proxy— Use system proxy settingsmax_fetch— Maximum incidents to fetch.incident_severities— Incident severity to fetch.first_fetch— First fetch timeevent_types— Event typesincidentType— Incident typeisFetch— Fetch incidents
Commands (30)
-
cisco-amp-app-trajectory-query-listRetrieve app_trajectory queries for a given IOS bundle ID.
-
cisco-amp-computer-activity-listFetch a list of computers that have observed files with a given file name. Provides the ability to search all computers across an organization for any events or activities associated with a file or network operation, and returns computers matching those criteria. There is a hard limit of 5000 historical entries searched.
-
cisco-amp-computer-deleteDeletes a specific computer with given connector_guid.
-
cisco-amp-computer-isolation-createRequest isolation for a computer. Supports polling. Isolation must be enabled within the computer's policy. This can be done through the instance. Log in to your account -> Management -> Policies -> Choose the relevant policy -> Edit -> Advanced Settings -> Endpoint Isolation -> Allow Endpoint Isolation.
-
cisco-amp-computer-isolation-deleteRequest isolation stop for a computer. Supports polling. Isolation must be enabled within the computer's policy. This can be done through the instance. Log in to your account -> Management -> Policies -> Choose the relevant policy -> Edit -> Advanced Settings -> Endpoint Isolation -> Allow Endpoint Isolation.
-
cisco-amp-computer-isolation-feature-availability-getPerforms a feature availability request on a computer. Isolation must be enabled within the computer's policy. This can be done through the instance. Log in to your account -> Management -> Policies -> Choose the relevant policy -> Edit -> Advanced Settings -> Endpoint Isolation -> Allow Endpoint Isolation.
-
cisco-amp-computer-isolation-getReturns a fine-grained isolation status for a computer. The available flag is set to true if isolation can be performed on the computer. Status will be set to one of - not_isolated, pending_start, isolated and pending_stop. Isolation must be enabled within the computer's policy. This can be done through the instance. Log in to your account -> Management -> Policies -> Choose the relevant policy -> Edit -> Advanced Settings -> Endpoint Isolation -> Allow Endpoint Isolation.
-
cisco-amp-computer-listFetch computers to show information about them. Can be filtered by a variety of criteria.
-
cisco-amp-computer-moveMoves a computer to a group with the given connector_guid and group_guid.
-
cisco-amp-computer-trajectory-listProvides a list of all activities associated with a particular computer. This is analogous to the Device Trajectory on the FireAMP console.
-
cisco-amp-computer-user-activity-listFetch a list of computers that have observed activity by the given username.
-
cisco-amp-computer-user-trajectory-listFetch a specific computer's trajectory with a given connector GUID and filter for events with user name activity.
-
cisco-amp-computer-vulnerabilities-listProvides a list of vulnerabilities observed on a specific computer. The vulnerabilities can be filtered to show only vulnerable applications observed for a specific time range.
-
cisco-amp-event-listFetch a list of events that can be filtered by a variety of criteria. Each criteria type is logically ANDed with the other criteria, and each selection of a criteria is logically ORed. This is analogous to the Events view on the FireAMP Console.
-
cisco-amp-event-type-listFetches a list of event types. Events are identified and filtered by a unique ID.
-
cisco-amp-file-list-item-createCreates a file list item with a given SHA-256 for a specific file list with a given file_list_guid.
-
cisco-amp-file-list-item-deleteDeletes a file list item with a given SHA-256 and associated to a file list with a given file_list_guid.
-
cisco-amp-file-list-item-listReturns a list of items for a particular file_list. file_list_guid must be provided to retrieve these items. A particular item can be returned by providing a SHA-256.
-
cisco-amp-file-list-listReturns a particular file list for application blocking or simple custom detection. file_list_guid must be provided to retrieve information about a particular file_list. Can fetch an application_blocking or simple_custom_detection file list. Defaults to application_blocking.
-
cisco-amp-group-createCreates a new group along with a group name or description.
-
cisco-amp-group-deleteDestroys a group with a given GUID.
-
cisco-amp-group-listProvides information about groups in an organization.
-
cisco-amp-group-parent-updateConverts an existing group to a child of another group or an existing child group to a root group (that is, one with no parent groups).
-
cisco-amp-group-policy-updateUpdates a group to a given policy and returns all the policies in that group.
-
cisco-amp-indicator-listShow information about indicators.
-
cisco-amp-policy-listGets information about policies by filtering with a product and name of a specific policy with a policy_guid.
-
cisco-amp-version-getGet API version.
-
cisco-amp-vulnerability-listFetch a list of vulnerabilities. This is analogous to the Vulnerable Software view on the AMP for Endpoints Console. The list can be filtered to show only the vulnerable programs detected for a specific time range. Provide a list of computers on which the vulnerability has been observed with given SHA-256. The list item contains a summary of information on the vulnerability, including: application name and version, SHA-256 value for the executable file, connectors on which the vulnerable application was observed and the most recent CVSS score. IMPORTANT: computers key returns information about the last 1000 Connectors on which the vulnerable application was observed.
-
endpointReturns information about an endpoint.
-
fileRuns reputation on files.