cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5298
Views
7
Helpful
2
Replies
Highlighted
Cisco Employee

AMP Threat Grid API

AMP Threat Grid has a simple yet powerful API.  You can obtain malware intelligence by searching for malware submissions associated to an IP address with a simple GET request like the following:

https://panacea.threatgrid.com/api/v2/search/submissions?q=<Query_IP_Addr>&api_key=<Your_API_Key>

More details are in the AMP Threat Grid API documentation.  Click "Help" once you are logged into the AMP Threat Grid portal.

Everyone's tags (3)
2 REPLIES 2
Highlighted
Beginner

Re: AMP Threat Grid API

What are the API connection and upload limits?  Is there a maximum number of file that can be uploaded via the API within a time range?  How about querying?

Highlighted
Cisco Employee

Re: AMP Threat Grid API

Hi Paul,

In the basic Cloud-based AMP Threat Grid integrations the current rate limits apply to sample submissions per a 24 hr moving window:

AMP for Endpoint - 100 submissions

AMP for Content Security - varies according to ESA/WSA appliance model

Cloud subscriptions are available to accommodate most customers requiring something different - ranging from 500 to 10,000 sample daily submissions. Subscriptions also bring in significantly more features including AMP Threat Grid's unique Glovebox for runtime interaction, Process Graphs, selectable malware execution environment and runtime to name a few.

Good news is that AMP customers can currently subscribe to Threat Grid at nearly half price. The breadth of offerings can be found in the AMP Threat Grid Ordering Guide.  Do reach out to your Cisco sales team for more details.

There are currently no documented rate limits on queries.

Thanks and best regards,

Shyue Hong