Hi all,
I am able to get a list of devices when I use this path in the API script for Cisco Secure Client (formerly Cisco AMP):
REPORT_URL = "https://api.apjc.amp.cisco.com/v3/organizations/<orgID>/devices?size=10"
However, I am attempting to create one for Quarantine Failure and/or Malware Executed and/or Program Uninstalled. So, instead of just devices, I would like to find out from the community whether you have experienced a similar circumstance where you needed to put all of these into the REPORT_URL field. And how can I put them all into one sentence?
Below is my script:
#!/usr/bin/env python3
import sys
import json
import requests
from requests.auth import HTTPBasicAuth
# ==== CONFIGURATION ==== #
# Replace with your Secure Client Cloud Management credentials
CLIENT_ID = "client-xxxxx"
CLIENT_SECRET = "xxxxx"
# API endpoints (Replace with Secure Client Cloud Management URLs)
TOKEN_URL = "https://visibility.apjc.amp.cisco.com/iroh/oauth2/token"
CLIENT_TOKEN_URL = "https://api.apjc.amp.cisco.com/v3/access_tokens"
REPORT_URL = "https://api.apjc.amp.cisco.com/v3/organizations/<orgID>/devices?size=10"
OUTPUT_FILE = "organizations.json"
What this script does is fetch the logs and save them into a file; I can then use a collector to point at that file path so it is ingested into my SIEM.
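Added example (not the original poster's script and not Cisco's code): it shows the two general ways to combine several event types in one request. First, a query string can carry the same key more than once (`urlencode(..., doseq=True)` produces `event_type=A&event_type=B`), which is how most REST APIs express "and/or" on a single parameter. Second, whatever the API returns can be filtered client-side against the wanted set before it is written to the file the collector picks up. The `/events` path and the `event_type` parameter name are assumptions used as placeholders; the real path and parameter must be taken from the Secure Endpoint API reference, and the sample page below is constructed, not real API output.

```python
#!/usr/bin/env python3
"""Added example: build a multi-value event query and filter/save results.
ASSUMPTIONS: "/events" and the "event_type" parameter are placeholders,
not confirmed Secure Endpoint API names; check the API reference."""
import json
from urllib.parse import urlencode, urlsplit, parse_qs

BASE = "https://api.apjc.amp.cisco.com/v3/organizations/<orgID>"
WANTED_TYPES = ["Quarantine Failure", "Malware Executed", "Program Uninstalled"]


def build_report_url(base, event_types, size=10):
    """Return one URL asking for every type in event_types at once.
    doseq=True repeats the key per value: ?event_type=A&event_type=B&size=10"""
    query = urlencode({"event_type": event_types, "size": size}, doseq=True)
    return f"{base}/events?{query}"  # "/events" is an assumed path


def parse_event_types(url):
    """Inverse of build_report_url: list the event_type values in a URL."""
    return parse_qs(urlsplit(url).query).get("event_type", [])


def filter_events(records, wanted):
    """Keep only records whose event_type is in the wanted set (client-side OR)."""
    wanted = set(wanted)
    return [r for r in records if r.get("event_type") in wanted]


def save_events(records, path):
    """Write the kept records as JSON for a SIEM collector; return the count."""
    with open(path, "w") as fh:
        json.dump({"data": records}, fh, indent=2)
    return len(records)


# Constructed sample page shaped like a generic {"data": [...]} response.
SAMPLE_PAGE = {"data": [
    {"event_type": "Malware Executed", "hostname": "ws-01"},
    {"event_type": "Threat Detected", "hostname": "ws-02"},
    {"event_type": "Quarantine Failure", "hostname": "ws-03"},
    {"event_type": "Program Uninstalled", "hostname": "ws-04"},
]}

if __name__ == "__main__":
    url = build_report_url(BASE, WANTED_TYPES)
    print(url)
    kept = filter_events(SAMPLE_PAGE["data"], WANTED_TYPES)
    print(save_events(kept, "events.json"), "events written")
```

In a live script the `requests.get(url, headers=..., params=...)` call would replace the constructed page; passing the list through `params={"event_type": WANTED_TYPES}` gives the same repeated-key encoding as `doseq=True`. Filtering client-side is the fallback when the API only accepts a single type per request, at the cost of pulling more records than you keep.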