:(



I'm writing a script to do moves to a group, based on someone not having access to the api. "Move machine x to group y" without knowing what "y" will be...

I hoping I wouldn't have to loop through the returned list.



Thanks!

Ken

Ken, 

 

I did something very similar recently and had to parse the output to get the group GUID.  You may find some useful resources at github.com/CiscoSecurity if you're not aware of that repository.

 

I took the liberty of combining some existing Python code to parse your Groups.  You may want some different information but this should be a good start.  You just need to input your API credentials.

 

import requests

amp_client_id = ''
amp_api_key = ''

def displayGroups():
    url = 'https://api.amp.cisco.com/v1/groups'

    request = requests.get(url, auth=(amp_client_id, amp_api_key))
    response = request.json()

    print('[{:^5}]   {:^30} {:^15}'.format('Index', 'Name', 'Product'))

    index = 0
    for item in response["data"]:
        index = index + 1
        print('[{:^5}]   {:<30} {:^15}'.format(
            index,
            item['name'],
            item['guid'],
        ))
    print("------------------------------------------")
    index = input("Index: ")
    index = index.strip()

    if not index.isdigit():
        print("Invalid index")
        return

    index = int(index) - 1
    if not (0 <= index < len(response['data'])):
        print("Invalid index")
        return

    guid = response['data'][index]['guid']

    # get the details of a particular group
    url = "https://api.amp.cisco.com/v1/groups/" + guid
    request = requests.get(url, auth=(amp_client_id, amp_api_key))
    response = request.json()
    data = response["data"]
    #print(data)

    print("\nGroup details:")
    print("\tName : " + data["name"] )
    print("\tGuid : " + data["guid"])
    print("\n\tPolicies : ")
    for num, policy in enumerate(data['policies'], start=0):
        print("\t\tName: {}".format(data['policies'][num]['name']))
        print("\t\tGuid: {}".format(data['policies'][num]['guid']))
        print("\t\tProduct: {}\n".format(data['policies'][num]['product']))

if __name__ == '__main__':
    while True:
        # Print the menu
        print("""
                   Advanced Malware Protection (AMP) - Cloud
    
                Retrieve Information About a Particular Group :
                        """)

        displayGroups()

        again = input(" Do you want to run again?(y/n): ")
        again = again.strip()
        if again == 'y' or again == 'Y':
            continue
        break

 

Thanks,

Matt

That's all in python, I'm doing it Powershell.



(BTW, this is all an X/Y problem)

The specific issue is new machines go into a group with Orbital turned off, as the Orbital install seems to me messing about with other installs being run by the SCCM task sequence.

So at the end of the task sequence, we'll move the machine to the correct group and let Orbital do its thing later.

But that requires running something that the machine already has, without installing yet more stuff...

So Powershell... and I'm trying to get cute...

Errors written to the event log, the script is "configurable" so that we change one parameter to so change which group, etc.





So, I'll toss out the feature request for an 'exact match' parameter on queries?

For groups, computers, policies, there are probably others the people might need?

I got that already...

See my answer to Matt's response.