03-10-2022 06:19 AM
I see that there is a documented method of pulling the Application Control blocklist (GET /v1/file_lists/application_blocking); however, I cannot find the equivalent for the allowlist. Is this supported and I am not seeing the documentation, or is there currently no way to pull the hash values in this list?
03-11-2022 05:57 AM
Nope.
Even if you pull the policy (https://api.amp.cisco.com/v1/policies/{:policy_guid}) and locate the guid for the "allowed_applications" list.
...
"file_lists": [
  { "name": "Block and Quarantine", "guid": "12345678-90ab-cdef-1234-567890abcdef", "type": "simple_custom_detections" },
  { "name": "Block", "guid": "fedcab09-8765-4321-fedc-ba0987654321", "type": "application_blocking" },
  { "name": "Allow", "guid": "88888888-4444-4444-4444-cccccccccccc", "type": "allowed_applications" }
],
...
Then use that guid to try and pull the file list (https://api.amp.cisco.com/v1/file_lists/88888888-4444-4444-4444-cccccccccccc), you will be met with a message that this is not allowed.
{
  "version": "v1.2.0",
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/88888888-4444-4444-4444-cccccccccccc"
    }
  },
  "data": {},
  "errors": [
    {
      "error_code": 400,
      "description": "Bad Request",
      "details": [ "File List of type: allowed_applications is not supported" ]
    }
  ]
}
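An added example, not part of the original posts or of Cisco's code: an export script that walks a policy's file lists should record the "not supported" reply explicitly, so an allowlist that could not be read is never reported as an empty one. The sample bodies are constructed from the shapes quoted above; the function names and the `bodies` mapping are assumptions of this sketch.

```python
import json
import re

# Constructed samples: the shapes are copied from the policy fragment and the
# error body quoted in the answer above (placeholder GUIDs, not real ones).
POLICY = json.loads("""{"file_lists": [
  {"name": "Block", "guid": "fedcab09-8765-4321-fedc-ba0987654321", "type": "application_blocking"},
  {"name": "Allow", "guid": "88888888-4444-4444-4444-cccccccccccc", "type": "allowed_applications"}]}""")
ERROR_BODY = json.loads("""{"version": "v1.2.0", "data": {}, "errors": [
  {"error_code": 400, "description": "Bad Request",
   "details": ["File List of type: allowed_applications is not supported"]}]}""")

UNSUPPORTED = re.compile(r"File List of type: (\S+) is not supported")


def find_file_lists(node):
    """Return the first "file_lists" array found anywhere in a policy response."""
    if isinstance(node, dict):
        if isinstance(node.get("file_lists"), list):
            return node["file_lists"]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return []
    for child in children:
        found = find_file_lists(child)
        if found:
            return found
    return []


def classify(body):
    """Map a file-list response body to 'ok', 'unsupported:<type>' or 'error:<code>'."""
    for err in body.get("errors") or []:
        for detail in err.get("details") or []:
            match = UNSUPPORTED.search(detail)
            if match:
                return "unsupported:" + match.group(1)
        return "error:" + str(err.get("error_code"))
    return "ok"


def audit(policy, bodies):
    """bodies maps guid -> parsed response body (hypothetical input); returns report rows."""
    rows = []
    for fl in find_file_lists(policy):
        body = bodies.get(fl["guid"])
        rows.append((fl["name"], fl["type"], classify(body) if body else "not_fetched"))
    return rows
```
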