Secure Endpoint - API - Threat Detected

SanderZumbrink — Thu, 06 Jun 2024 14:10:26 GMT

Hello,

Is there a good example how to use the Secure Endpoint API to extract only the threats detected?
I saw an article regarding the events endpoint and all alert_types to filter, but is that the only way?
https://developer.cisco.com/docs/secure-endpoint/v1-api-reference-event/

I've noticed the URL below, but it wasn't allowed to open the URL.

https://community.cisco.com/t5/endpoint-security/amp-for-endpoints-v1-api-events-not-equal/td-p/4907164

Re: Secure Endpoint - API - Threat Detected

Ken Stieers — Fri, 07 Jun 2024 16:54:22 GMT

Start with getting the types, types come with names...
Get the guids for the types whose names you want by hitting https://api.amp.cisco.com/v1/event_types

Then get events filtered by the guids you want where the guids are query string parameters.
https://api.amp.cisco.com/v1/events?event_type[]=1090519081&event_type[]=1107296272<> ... etc.

event types are OR'd, so you can put in as many as the url will take...

________________________________

This email is intended solely for the use of the individual to whom it is addressed and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If the reader of this email is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately notify us by telephone and return the original message to us at the listed email address.
Thank You.

topic Re: Secure Endpoint - API - Threat Detected in Endpoint Security

Secure Endpoint - API - Threat Detected

Re: Secure Endpoint - API - Threat Detected