AMP Threat Grid has a simple yet powerful API. You can obtain malware intelligence by searching for malware submissions associated to an IP address with a simple GET request like the following:
More details are in the AMP Threat Grid API documentation. Click "Help" once you are logged into the AMP Threat Grid portal.
What are the API connection and upload limits? Is there a maximum number of file that can be uploaded via the API within a time range? How about querying?
In the basic Cloud-based AMP Threat Grid integrations the current rate limits apply to sample submissions per a 24 hr moving window:
AMP for Endpoint - 100 submissions
AMP for Content Security - varies according to ESA/WSA appliance model
Cloud subscriptions are available to accommodate most customers requiring something different - ranging from 500 to 10,000 sample daily submissions. Subscriptions also bring in significantly more features including AMP Threat Grid's unique Glovebox for runtime interaction, Process Graphs, selectable malware execution environment and runtime to name a few.
Good news is that AMP customers can currently subscribe to Threat Grid at nearly half price. The breadth of offerings can be found in the AMP Threat Grid Ordering Guide. Do reach out to your Cisco sales team for more details.
There are currently no documented rate limits on queries.
Thanks and best regards,