Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1295
Views
10
Helpful
1
Replies

Pulling Allowed Applications from Application Control via API

Go to solution
dylan.mills
Level 1
Level 1

‎03-10-2022 06:19 AM

I see that there is a documented method of pulling the Application Control blocklist (GET /v1/file_lists/application_blocking), however I cannot find the equivalent for the allowlist. Is this supported and I am not seeing the documentation or is there currently no way to pull the hash values in this list?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
johnosn
Level 1
Level 1

‎03-11-2022 05:57 AM

Nope.
Even if you pull the policy (https://api.amp.cisco.com/v1/policies/{:policy_guid}) and locate the guid for the "allowed_applications" list.

 

...
        "file_lists": [
            {
                "name": "Block and Quarantine",
                "guid": "12345678-90ab-cdef-1234-567890abcdef",
                "type": "simple_custom_detections"
            },
            {
                "name": "Block",
                "guid": "fedcab09-8765-4321-fedc-ba0987654321",
                "type": "application_blocking"
            },
            {
                "name": "Allow",
                "guid": "88888888-4444-4444-4444-cccccccccccc",
                "type": "allowed_applications"
            }
        ],
...

Then use that guid to try and pull the file list (https://api.amp.cisco.com/v1/file_lists/88888888-4444-4444-4444-cccccccccccc) you will be met with a message that this is not allowed.

 
{
    "version": "v1.2.0",
    "metadata": {
        "links": {
            "self": "https://api.amp.cisco.com/v1/file_lists/88888888-4444-4444-4444-cccccccccccc"
        }
    },
    "data": {},
    "errors": [
        {
            "error_code": 400,
            "description": "Bad Request",
            "details": [
                "File List of type: allowed_applications is not supported"            ]
        }
    ]
}
 

 

 

View solution in original post

1 Reply 1

Go to solution
johnosn
Level 1
Level 1

‎03-11-2022 05:57 AM

Nope.
Even if you pull the policy (https://api.amp.cisco.com/v1/policies/{:policy_guid}) and locate the guid for the "allowed_applications" list.

 

...
        "file_lists": [
            {
                "name": "Block and Quarantine",
                "guid": "12345678-90ab-cdef-1234-567890abcdef",
                "type": "simple_custom_detections"
            },
            {
                "name": "Block",
                "guid": "fedcab09-8765-4321-fedc-ba0987654321",
                "type": "application_blocking"
            },
            {
                "name": "Allow",
                "guid": "88888888-4444-4444-4444-cccccccccccc",
                "type": "allowed_applications"
            }
        ],
...

Then use that guid to try and pull the file list (https://api.amp.cisco.com/v1/file_lists/88888888-4444-4444-4444-cccccccccccc) you will be met with a message that this is not allowed.

 
{
    "version": "v1.2.0",
    "metadata": {
        "links": {
            "self": "https://api.amp.cisco.com/v1/file_lists/88888888-4444-4444-4444-cccccccccccc"
        }
    },
    "data": {},
    "errors": [
        {
            "error_code": 400,
            "description": "Bad Request",
            "details": [
                "File List of type: allowed_applications is not supported"            ]
        }
    ]
}
 

 

 

Customers Also Viewed These Support Documents