06-18-2020 09:27 AM
Good morning.
When I do an api call, for groups, using this URI:
https://api.amp.cisco.com/v1/groups?name=Protect
It returns all of the groups with 'Protect' in their names...
Is there a way to tell the API to just return the ONE group with the name of "Protect"?
Ken
Labels: AMP for Endpoints, Other AMP Topics
Accepted Solutions

06-18-2020 10:50 AM
Ken,
The groups API call uses a wildcard for the name search so it will return all groups with Protect in the name. For information on an exact match you would need to use the Group GUID with the groups/{guid} API call.
Thanks,
Matt

06-18-2020 11:08 AM
I'm writing a script to do moves to a group, based on someone not having access to the api. "Move machine x to group y" without knowing what "y" will be...
I was hoping I wouldn't have to loop through the returned list.
Thanks!
Ken

06-18-2020 11:52 AM - edited 06-18-2020 12:11 PM
Ken,
I did something very similar recently and had to parse the output to get the group GUID. You may find some useful resources at github.com/CiscoSecurity if you're not aware of that repository.
I took the liberty of combining some existing Python code to parse your Groups. You may want some different information but this should be a good start. You just need to input your API credentials.
```python
import requests

# Fill in your AMP for Endpoints API credentials
amp_client_id = ''
amp_api_key = ''


def displayGroups():
    # List every group with an index so the user can pick one
    url = 'https://api.amp.cisco.com/v1/groups'
    request = requests.get(url, auth=(amp_client_id, amp_api_key))
    response = request.json()

    # The third column holds the group GUID
    print('[{:^5}] {:^30} {:^15}'.format('Index', 'Name', 'GUID'))
    index = 0
    for item in response["data"]:
        index = index + 1
        print('[{:^5}] {:<30} {:^15}'.format(
            index,
            item['name'],
            item['guid'],
        ))
    print("------------------------------------------")

    # Validate the chosen index before using it
    index = input("Index: ")
    index = index.strip()
    if not index.isdigit():
        print("Invalid index")
        return
    index = int(index) - 1
    if not (0 <= index < len(response['data'])):
        print("Invalid index")
        return
    guid = response['data'][index]['guid']

    # get the details of a particular group
    url = "https://api.amp.cisco.com/v1/groups/" + guid
    request = requests.get(url, auth=(amp_client_id, amp_api_key))
    response = request.json()
    data = response["data"]
    # print(data)
    print("\nGroup details:")
    print("\tName : " + data["name"])
    print("\tGuid : " + data["guid"])
    print("\n\tPolicies : ")
    for policy in data['policies']:
        print("\t\tName: {}".format(policy['name']))
        print("\t\tGuid: {}".format(policy['guid']))
        print("\t\tProduct: {}\n".format(policy['product']))


if __name__ == '__main__':
    while True:
        # Print the menu
        print("""
Advanced Malware Protection (AMP) - Cloud
Retrieve Information About a Particular Group :
""")
        displayGroups()
        again = input(" Do you want to run again?(y/n): ")
        again = again.strip()
        if again == 'y' or again == 'Y':
            continue
        break
```
Thanks,
Matt
06-18-2020 12:20 PM
(BTW, this is all an X/Y problem)
The specific issue is new machines go into a group with Orbital turned off, as the Orbital install seems to be messing about with other installs being run by the SCCM task sequence.
So at the end of the task sequence, we'll move the machine to the correct group and let Orbital do its thing later.
But that requires running something that the machine already has, without installing yet more stuff...
So PowerShell... and I'm trying to get cute...
Errors written to the event log, the script is "configurable" so that we change one parameter to change which group, etc.
So, I'll toss out the feature request for an 'exact match' parameter on queries?
For groups, computers, policies, there are probably others that people might need?
06-18-2020 11:02 AM - edited 06-18-2020 11:05 AM
Hi Ken,
Thanks for using Cisco Community. Regarding your inquiry, you can get a specific group using the API.
This information can be found in the API Documentation: https://api-docs.amp.cisco.com/api_resources/Group?api_host=api.amp.cisco.com&api_version=v1
You can get the information about a specific group by using the GUID of the group.
https://api.amp.cisco.com/v1/groups/5cdf70dd-1b14-46a0-be90-e08da14172d8
The 5cdf70dd-1b14-46a0-be90-e08da14172d8 is the GUID of the group, but how to get this ID?
* Using API
You can use this query to get all the information about the groups.
https://api.amp.cisco.com/v1/groups
Once you have the GUID you can use it in the query.
https://api.amp.cisco.com/v1/groups/TheGroupGUID
I hope this information can be useful to you.
Have a great day!!!
Uri
06-18-2020 11:09 AM
I got that already...
See my answer to Matt's response.
06-03-2024 06:18 AM
Hey guys... in PowerShell, here's how to do it
Assuming $GroupResponse holds the response to an Invoke-RestMethod to https://api.amp.cisco.com/v1/groups?name=Protect, this will get the guid of the exact match:
```powershell
$groupguid = $GroupResponse.data | where { $_.name -eq $SourceGroupName } | Select -ExpandProperty Guid
```
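
The client-side exact match discussed in this thread, as an added Python example (not code from any poster or from Cisco). It resolves a group name to exactly one GUID and refuses to guess when the wildcard search returns zero or several exact hits. The names `exact_group_guid`, `fetch_group_guid`, `GroupLookupError` and the sample response are assumptions made for illustration; only the `data`, `name` and `guid` fields and the `/v1/groups?name=` endpoint come from the thread.

```python
API_BASE = "https://api.amp.cisco.com/v1"  # host and version as used in the thread


class GroupLookupError(Exception):
    """Raised when a name does not resolve to exactly one group."""


def exact_group_guid(response, name):
    """Return the GUID of the single group whose name equals `name`.

    `response` is the parsed JSON of GET /v1/groups?name=<name>. That search
    matches on substrings, so the exact filter has to run client-side.
    The comparison is case-sensitive, and zero or multiple hits raise rather
    than pick one, so a typo cannot put an endpoint under the wrong policy.
    """
    matches = [g for g in response.get("data", []) if g.get("name") == name]
    if len(matches) != 1:
        raise GroupLookupError(
            "expected exactly one group named {!r}, found {}".format(name, len(matches))
        )
    return matches[0]["guid"]


def fetch_group_guid(name, client_id, api_key):
    """Query the API with the wildcard filter, then apply the exact match."""
    import requests  # imported here so the offline demo below needs no extra package

    r = requests.get(API_BASE + "/groups", params={"name": name},
                     auth=(client_id, api_key), timeout=30)
    r.raise_for_status()  # fail on 401/403/5xx instead of parsing an error body
    return exact_group_guid(r.json(), name)


# Constructed sample of what ?name=Protect could return (GUIDs are placeholders)
SAMPLE = {"data": [
    {"name": "Protect - Servers", "guid": "00000000-0000-0000-0000-000000000002"},
    {"name": "Protect", "guid": "00000000-0000-0000-0000-000000000001"},
    {"name": "Domain Protect", "guid": "00000000-0000-0000-0000-000000000003"},
]}

if __name__ == "__main__":
    print(exact_group_guid(SAMPLE, "Protect"))
```

PowerShell's `-eq` ignores case for strings by default (`-ceq` is the case-sensitive form), whereas the comparison here is case-sensitive.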
