Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9413
Views
7
Helpful
2
Replies

AMP Threat Grid API

schuang
Cisco Employee
Cisco Employee

‎11-11-2015 02:48 AM - edited ‎02-20-2020 09:00 PM

AMP Threat Grid has a simple yet powerful API.  You can obtain malware intelligence by searching for malware submissions associated to an IP address with a simple GET request like the following:

https://panacea.threatgrid.com/api/v2/search/submissions?q=<Query_IP_Addr>&api_key=<Your_API_Key>

More details are in the AMP Threat Grid API documentation.  Click "Help" once you are logged into the AMP Threat Grid portal.

3 people had this problem
2 Replies 2

Paul Laforge
Level 1
Level 1

‎11-11-2015 07:06 PM

What are the API connection and upload limits?  Is there a maximum number of file that can be uploaded via the API within a time range?  How about querying?

0 Helpful

schuang
Cisco Employee
Cisco Employee
In response to Paul Laforge

‎11-11-2015 09:01 PM

Hi Paul,

In the basic Cloud-based AMP Threat Grid integrations the current rate limits apply to sample submissions per a 24 hr moving window:

AMP for Endpoint - 100 submissions

AMP for Content Security - varies according to ESA/WSA appliance model

Cloud subscriptions are available to accommodate most customers requiring something different - ranging from 500 to 10,000 sample daily submissions. Subscriptions also bring in significantly more features including AMP Threat Grid's unique Glovebox for runtime interaction, Process Graphs, selectable malware execution environment and runtime to name a few.

Good news is that AMP customers can currently subscribe to Threat Grid at nearly half price. The breadth of offerings can be found in the AMP Threat Grid Ordering Guide.  Do reach out to your Cisco sales team for more details.

There are currently no documented rate limits on queries.

Thanks and best regards,

Shyue Hong

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents