topic Re: Connecting to AMP for Endpoints API in Endpoint Security

Connecting to AMP for Endpoints API

rzeygerman — Fri, 21 Feb 2020 05:02:33 GMT

Hi, hope all is well. I am trying to connect to the AMP for Endpoints API and receiving (401) Unauthorized error. I am using the API keys generated in the AMP cloud counsel.

What i cant seem to figure out is what should be my URL part after the @ character for GET /v1/computers

https://<your_client_id>:<your_api_key>@<api_endpoint>

Re: Connecting to AMP for Endpoints API

brmcmaho — Thu, 03 Nov 2016 19:36:12 GMT

The "API endpoint" is the URL you use to submit API requests for your particular cloud -- api.amp.cisco.com for the NA public cloud or api.eu.amp.cisco.com for the EU cloud.

I usually find that it helps to take a look at one of the examples under "Resources" on the right-hand side of the main API doc page. For example, under GET /v1/computers, it gives you this example:

curl -X GET \
-H 'accept: application/json' \
-H 'content-type: application/json' \
--compressed -H 'Accept-Encoding: gzip, deflate' \
-u YOUR_API_CLIENT_ID \
https://api.amp.cisco.com/v1/computers

In this case, unlike the example you found on the first page, we're using the curl command line to pass in the username (client id), and letting it prompt us interactively for the password (api key).

Hope this helps. Please let us know if there are more questions.

Re: Connecting to AMP for Endpoints API

rzeygerman — Fri, 04 Nov 2016 14:50:37 GMT

Thank you brmcmaho,

I guess i was not clear. Yes i looked at the other pages and that it how i figured out the URL.

Now, following your advice, i installed CURL for windows (previously i was trying to get this done with powershell) and ran the command above (no CURL console in windows, just command line )

curl -X GET -H 'accept: application/json' -H 'content-type: application/json' --compressed -H 'Accept-Encoding: gzip, deflate' -u MY_API_CLIENT_ID 'http://api.amp.cisco.com/v1/computer'

the system responded back with:

curl: (6) Could not resolve host: application

curl: (6) Could not resolve host: gzip,

curl: (6) Could not resolve host: deflate'

curl: (1) Protocol "'http" not supported or disabled in libcurl

Now found a way to test https by connecting to google and that worked. So this leaves me to believe that either there is a problem with my string above, or the generated Client ID or API key...

what would you advise brmcmaho?

Re: Connecting to AMP for Endpoints API

brmcmaho — Wed, 09 Nov 2016 09:29:30 GMT

So I am about as far away from a PowerShell guru as you can imagine, but in my reading there seem to be lots of questions about how to do the equivalent of "curl -u username:password". One thing I found that appears to work in my quick test is based on the following web page:

DexterPOSH's Blog: PowerShell + REST API : Basic, CMS & CMSURL Authentication

Here's what I did:

$Credential = Get-Credential

(You will be prompted for username and password)

$EncodedUsernamePassword = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($('{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password)))

$Headers = @{'Authorization' = "Basic $($EncodedUsernamePassword)"; 'accept' = 'application/json'; 'Content-type' = 'application/json'; 'Accept-Encoding' = 'gzip, deflate'}

Invoke-RestMethod -Method Get -Uri 'https://api.amp.cisco.com/v1/computers' -Headers $Headers

Re: Connecting to AMP for Endpoints API

dsindell1 — Wed, 29 Mar 2017 18:31:04 GMT

I've been fighting with this API for a few weeks trying to get it into syslog. I was able to get the curl string working on windows (under strawberry perl) by playing with the syntax a little, and though it's been a while since this thread was active, I think it could help future searchers.

If you remove the trailing spaces after the colons, the command works, as such:

curl -k -X GET -H 'accept:application/json' -H 'content-type:application/json' --compressed -H 'Accept-Encoding:gzip,deflate' -u MY_API_CLIENT_ID:api_key 'http://api.amp.cisco.com/v1/computer'

however i can't get the basic auth working with the encoded credential, and there are other issues.

Re: Connecting to AMP for Endpoints API

brmcmaho — Wed, 29 Mar 2017 19:36:48 GMT

For the Windows side of things, I did find that switching over to Powershell and the Get-Credential method was much more reliable than trying to shoehorn it into non-native curl. Just for what it's worth.

Re: Connecting to AMP for Endpoints API

arockiam.ponnusamy — Tue, 23 Jul 2019 08:05:10 GMT

Hi,

thanks for curl example. i am able to retrieve; due to pagination 500 records come in a pull. I have large set of computers to extract daily for analysis. Do you have any suggested script? - could be bash or python; which i can use it.