06-18-2020 09:27 AM
Good morning.
When I do an api call, for groups, using this URI:
https://api.amp.cisco.com/v1/groups?name=Protect
It returns all of the groups with 'Protect' in their names...
Is there a way to tell the API to just return the ONE group with the name of "Protect"?
Ken
Solved! Go to Solution.
06-18-2020 10:50 AM
Ken,
The groups API call uses a wildcard for the name search so it will return all groups with Protect in the name. For information on an exact match you would need to use the Group GUID with the groups/{guid} API call.
Thanks,
Matt
06-18-2020 10:50 AM
Ken,
The groups API call uses a wildcard for the name search so it will return all groups with Protect in the name. For information on an exact match you would need to use the Group GUID with the groups/{guid} API call.
Thanks,
Matt
06-18-2020 11:08 AM
06-18-2020 11:52 AM - edited 06-18-2020 12:11 PM
Ken,
I did something very similar recently and had to parse the output to get the group GUID. You may find some useful resources at github.com/CiscoSecurity if you're not aware of that repository.
I took the liberty of combining some existing Python code to parse your Groups. You may want some different information but this should be a good start. You just need to input your API credentials.
import requests amp_client_id = '' amp_api_key = '' def displayGroups(): url = 'https://api.amp.cisco.com/v1/groups' request = requests.get(url, auth=(amp_client_id, amp_api_key)) response = request.json() print('[{:^5}] {:^30} {:^15}'.format('Index', 'Name', 'Product')) index = 0 for item in response["data"]: index = index + 1 print('[{:^5}] {:<30} {:^15}'.format( index, item['name'], item['guid'], )) print("------------------------------------------") index = input("Index: ") index = index.strip() if not index.isdigit(): print("Invalid index") return index = int(index) - 1 if not (0 <= index < len(response['data'])): print("Invalid index") return guid = response['data'][index]['guid'] # get the details of a particular group url = "https://api.amp.cisco.com/v1/groups/" + guid request = requests.get(url, auth=(amp_client_id, amp_api_key)) response = request.json() data = response["data"] #print(data) print("\nGroup details:") print("\tName : " + data["name"] ) print("\tGuid : " + data["guid"]) print("\n\tPolicies : ") for num, policy in enumerate(data['policies'], start=0): print("\t\tName: {}".format(data['policies'][num]['name'])) print("\t\tGuid: {}".format(data['policies'][num]['guid'])) print("\t\tProduct: {}\n".format(data['policies'][num]['product'])) if __name__ == '__main__': while True: # Print the menu print(""" Advanced Malware Protection (AMP) - Cloud Retrieve Information About a Particular Group : """) displayGroups() again = input(" Do you want to run again?(y/n): ") again = again.strip() if again == 'y' or again == 'Y': continue break
Thanks,
Matt
06-18-2020 12:20 PM
06-18-2020 11:02 AM - edited 06-18-2020 11:05 AM
Hi Ken,
Thanks for using Cisco Community, regarding your inquiry you can get a specific group using the API.
This information can be found in the API Documentation: https://api-docs.amp.cisco.com/api_resources/Group?api_host=api.amp.cisco.com&api_version=v1
You can get the information about a specific group by using the GUID of the group.
https://api.amp.cisco.com/v1/groups/5cdf70dd-1b14-46a0-be90-e08da14172d8
The 5cdf70dd-1b14-46a0-be90-e08da14172d8 is the GUID of the group, but how to get this ID?
* Using API
You can use this query to get all the information about the groups.
https://api.amp.cisco.com/v1/groups
Once you have the GUID you can use it in the query.
https://api.amp.cisco.com/v1/groups/TheGroupGUID
I hope this information can be useful to you.
Have a great day!!!
Uri
06-18-2020 11:09 AM
I got that already...
See my answer to Matt's response.
06-03-2024 06:18 AM
Hey guys... in powershell, here's how to do it
Assuming $GroupResponse holds the response to an Invoke-RestMethod to https://api.amp.cisco.com/v1/groups?name=Protect, this will get the guid of the exact match:
$groupguid = $GroupResponse.data | where { $_.name -eq $SourceGroupName } | Select -ExpandProperty Guid
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide