493 Views, 0 Helpful, 4 Replies

Antivirus definition outdated events

mski7861
Level 1

We recently were asked about generating events or alerts when an endpoint hasn't been updated for more than 30 days. Is anyone actively doing this, or have ideas how this can be done?

4 Replies

Matthew Franks
Cisco Employee
Depending on how you want to go about it, you can use the Secure Endpoint API and query for the "last seen" date.
Endpoints should be updating when they check in.
GET /v1/computers/{connector_guid}

You could also use Orbital to query the endpoints with this custom SQL query:
SELECT * FROM windows_security_products WHERE name="Cisco Secure Endpoint"

With this, you can verify the "state" is On and the "signatures_up_to_date" is 1 (up to date).
[screenshot: MatthewFranks_0-1721326596914.png]

Hope that helps.

Thanks,

Matt

@Matthew Franks thank you for the information, this is very helpful. I feel that Orbital would be the better way to go; however, this particular customer is not licensed for it.

I tested the API using Postman and I am able to get results back for each computer and the last seen date. I am trying to add parameters to query the data/hostname and data/last_seen, but I haven't been successful. Is this something I can get via the API?

Matthew Franks
Cisco Employee

I'm not entirely sure what you're asking @mski7861. Could you please clarify what you want to pull? You said you were able to get the computers results back from the API. Those contain the hostname and last_seen information. Are you trying to just display hostname and last seen? You can print these to the console (or manipulate them however you desire) with a post-response script in Postman like this:

[screenshot: MatthewFranks_0-1721655252555.png]

These actions used to be under Tests in Postman but have recently moved to the Scripts section. Hope that helps!

-Matt

@Matthew Franks you are correct, and apologies for the confusion. The initial query provides all results as expected. I was trying to figure out how to limit the information displayed to hostname and last_seen. I will test this with the script information you provided.
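The thread's goal, reduced to working code as an added example (not from any poster, and not Cisco's own tooling): take the parsed body of a Secure Endpoint GET /v1/computers response, keep only hostname and last_seen, and flag connectors not seen for more than 30 days. It assumes the response is a JSON object with a "data" list whose entries carry "hostname" and "last_seen" (an ISO 8601 UTC timestamp); the sample response and the fixed clock are constructed for the demo.

```python
"""Flag Secure Endpoint connectors whose last_seen is older than a threshold.

Added example for this thread. Assumed shape of a GET /v1/computers body:
{"data": [{"hostname": ..., "last_seen": "YYYY-MM-DDTHH:MM:SSZ", ...}, ...]}
"""
from datetime import datetime, timedelta, timezone

# Constructed sample standing in for a real /v1/computers response body.
SAMPLE_RESPONSE = {
    "data": [
        {"connector_guid": "guid-0001", "hostname": "WS-FIN-01", "last_seen": "2024-07-15T08:12:44Z"},
        {"connector_guid": "guid-0002", "hostname": "WS-HR-07", "last_seen": "2024-05-01T16:30:02Z"},
        {"connector_guid": "guid-0003", "hostname": "SRV-DB-02", "last_seen": "2024-07-18T23:59:59Z"},
        {"connector_guid": "guid-0004", "hostname": "LAPTOP-9", "last_seen": None},
    ]
}
# Fixed "current time" so the sample is reproducible; use datetime.now(timezone.utc) in production.
SAMPLE_NOW = datetime(2024, 7, 19, 12, 0, tzinfo=timezone.utc)


def parse_last_seen(value):
    """Return an aware UTC datetime, or None if the field is missing or unparseable."""
    if not value:
        return None
    try:
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None


def stale_endpoints(response, now, max_age_days=30):
    """Return [(hostname, last_seen, age_days)] for connectors silent longer than max_age_days.

    Connectors with no usable last_seen are reported with age None rather than
    silently dropped, since a connector that never checked in is also a finding.
    """
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for computer in response.get("data", []):
        hostname = computer.get("hostname", "<unknown>")
        raw = computer.get("last_seen")
        seen = parse_last_seen(raw)
        if seen is None:
            stale.append((hostname, raw, None))
        elif seen < cutoff:
            stale.append((hostname, raw, (now - seen).days))
    return stale


if __name__ == "__main__":
    for hostname, last_seen, age in stale_endpoints(SAMPLE_RESPONSE, SAMPLE_NOW):
        print(f"ALERT {hostname}: last_seen={last_seen} age_days={age}")
```

In a real job, fetch the body with the regional API host and the client ID/API key as HTTP basic auth, follow the response's pagination links, and feed each page's parsed JSON to stale_endpoints.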