ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
360
Views
0
Helpful
4
Replies
Highlighted

Can we fetch vulnerability details with Cisco AMP using Orbital.

Can we fetch vulnerability details with Cisco AMP using Orbital feature. If so can someone please let me know if there is any inbuilt query or we have to create customize queries for fetching this information for all applicable endpoints.

 

If there is any customize queries, can someone please share it with us.

4 REPLIES 4
Highlighted
Cisco Employee

Re: Can we fetch vulnerability details with Cisco AMP using Orbital.

When you say fetch vulnerabilities, what exactly are you referring to?  If you're talking about software vulnerabilities reported by AMP, you can use the AMP API to pull this information.  If you're talking about Microsoft reported vulnerabilities, you can use the "Windows HotFixes Monitoring" Orbital query to pull up a list of KBs installed on the system and determine which vulnerabilities exist based off of that.  There are also a few specific CVE queries listed that you can find by searching "CVE" in the orbital queries. 

 

Thanks,

Matt

Highlighted

Re: Can we fetch vulnerability details with Cisco AMP using Orbital.

Thanks Matt. I just need to fetch complete list of vulnerabilities.

 

I have couple of questions.

 

a) How do we use AMP API to get the list of all software vulnerabilities. Can you please provide some supporting document to run this queries. Also can we run these queries for a particular group instead of single machine.

 

b) With respect to Microsoft vulnerability, I ran "Windows HotFixes Monitoring" query and it gives me set of KBs. Are these KBs open to vulnerability or just the list of KBs that are installed on the machine?

Highlighted
Cisco Employee

Re: Can we fetch vulnerability details with Cisco AMP using Orbital.

a) The link I sent previously is the API documentation link for the vulnerabilities call.  Here it is again:
https://api-docs.amp.cisco.com/api_actions/details?api_action=GET+%2Fv1%2Fvulnerabilities&api_host=api.amp.cisco.com&api_resource=Vulnerabilities&api_version=v1

 

b) The query returns a list of installed KBs.  If you're looking for a specific vulnerability that is fixed by a KB, you can reference this list to see if it is fixed or not.

 

I believe you're looking for the information from a).  You can see examples of various forms of this query by selecting the appropriate tab.

screenshot.png

 

Thanks,

Matt

Highlighted
Cisco Employee

Re: Can we fetch vulnerability details with Cisco AMP using Orbital.

Hello @pavankumar.kakarla,

just a short question. How about a full NIST integration into AMP for Endpoints. Would this be a possible solution for you?

Greetings,

Thorsten