Secure Endpoint - API - Threat Detected

SanderZumbrink
Level 1

Hello,

Is there a good example how to use the Secure Endpoint API to extract only the threats detected?
I saw an article regarding the events endpoint and all alert_types to filter, but is that the only way?
https://developer.cisco.com/docs/secure-endpoint/v1-api-reference-event/

I've noticed the URL below, but I wasn't allowed to open it.

https://community.cisco.com/t5/endpoint-security/amp-for-endpoints-v1-api-events-not-equal/td-p/4907164

1 Reply

Start with getting the types; types come with names...
Get the GUIDs for the types whose names you want by hitting https://api.amp.cisco.com/v1/event_types

Then get events filtered by the GUIDs you want, where the GUIDs are query string parameters:
https://api.amp.cisco.com/v1/events?event_type[]=1090519081&event_type[]=1107296272 ... etc.

Event types are OR'd, so you can put in as many as the URL will take...



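The two-step recipe from the reply above, as an added worked example (my code, not from the original post and not Cisco's own client). It assumes the API is called with HTTP Basic auth (client ID and API key), that `/v1/event_types` returns the types under `data` with `id` and `name`, that each event carries an `event_type_id`, and that `/v1/events` pages via a `metadata.links.next` URL; the sample responses at the bottom are constructed so the script runs offline, and the id-to-name mapping in them is illustrative, not the real table (look names up against the live `event_types` response).

```python
"""Pull only the Secure Endpoint events whose event_type name matches a
pattern: list /v1/event_types, pick the ids by name, then query /v1/events
with one event_type[] parameter per id (the API ORs them together).
Added example; assumptions are noted in the comments."""
import base64
import json
import re
import urllib.parse
import urllib.request

BASE = "https://api.amp.cisco.com"


def make_http_fetch(client_id, api_key, timeout=30):
    """Return fetch(url) -> dict doing an authenticated GET (assumes Basic auth)."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()

    def fetch(url):
        req = urllib.request.Request(
            url, headers={"Authorization": f"Basic {token}", "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    return fetch


def select_event_type_ids(event_types, name_regex):
    """Ids of the event types whose name matches name_regex (case-insensitive)."""
    pat = re.compile(name_regex, re.IGNORECASE)
    return sorted(t["id"] for t in event_types if pat.search(t["name"]))


def build_events_url(type_ids, base=BASE, limit=500):
    # One event_type[] entry per id; urlencode escapes the brackets as %5B%5D.
    query = [("event_type[]", str(i)) for i in type_ids] + [("limit", str(limit))]
    return f"{base}/v1/events?" + urllib.parse.urlencode(query)


def iter_events(fetch, type_ids, base=BASE):
    """Yield events across pages, following metadata.links.next (assumed layout)."""
    url = build_events_url(type_ids, base)
    while url:
        page = fetch(url)
        yield from page.get("data", [])
        url = page.get("metadata", {}).get("links", {}).get("next")


def fetch_threat_events(fetch, name_regex=r"threat", base=BASE):
    types = fetch(f"{base}/v1/event_types")["data"]
    ids = select_event_type_ids(types, name_regex)
    if not ids:
        raise ValueError(f"no event types match {name_regex!r}")
    # Defensive: keep only events whose event_type_id is in the set we asked for,
    # so a filter that the server silently ignored cannot flood the result.
    wanted = set(ids)
    return [e for e in iter_events(fetch, ids, base) if e.get("event_type_id") in wanted]


# ---- constructed offline sample (names are illustrative, not the real table) ----
SAMPLE_TYPES = {"data": [
    {"id": 1090519081, "name": "Threat Quarantined"},
    {"id": 1107296272, "name": "Threat Detected"},
    {"id": 553648143, "name": "Scan Started"},
]}


def make_fake_fetch():
    """fetch() stand-in serving two pages of constructed events."""
    first = build_events_url([1090519081, 1107296272])
    second = first + "&offset=500"
    responses = {
        f"{BASE}/v1/event_types": SAMPLE_TYPES,
        first: {"data": [
                    {"id": 1, "event_type_id": 1107296272, "detection": "W32.Demo"},
                    {"id": 2, "event_type_id": 553648143}],  # not requested, filtered out
                "metadata": {"links": {"next": second}}},
        second: {"data": [{"id": 3, "event_type_id": 1090519081}],
                 "metadata": {"links": {}}},
    }
    return lambda url: responses[url]


if __name__ == "__main__":
    # Offline run; for the live API use make_http_fetch(client_id, api_key).
    for ev in fetch_threat_events(make_fake_fetch()):
        print(ev["id"], ev["event_type_id"], ev.get("detection", ""))
```

Swap `make_fake_fetch()` for `make_http_fetch(client_id, api_key)` to run against the live API; the rest of the flow is unchanged, and the event-type lookup means you never hard-code the numeric ids.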