About TomML

TomML · 06-13-2024

Hi, within XDR I can conduct message remediation by pivoting off of a Cisco Message ID (MID):However I cannot seem to find any documentation detailing how to conduct message remediation with the API (PUT or POST with a list of MIDs) so I can incorpor...

TomML · 08-22-2023

Curious if there is way to mark a potential compromise as resolved with the API. I would like to automate some known false positives that routinely appear.I didn't notice any POSTs in the current version of the documentation (Secure Endpoint API - C...

TomML · 08-07-2023

Is there a way to safelist or create an exclusion for this benign powershell command without safelisting cmd.exe or powerhell.exe - just the actual Command parameter? These events are classified as "Command Obfuscation With Symbols" compromises and ...

TomML · 08-04-2023

Hello, I've run into an issue with authenticating the SecureX Security Ribbon in Secure Network Analytics.I also noticed this new API Client in my SecureX environment and I'm unaware of how to approve it.Thanks!

TomML · 05-03-2023

Hi, I'm testing a draft workflow that modifies a user's attributes in Duo using the Duo Admin API and based on the "Duo - Admin - Add User to Group" atomic. Currently it just modifies user's notes:When I use spaces in the notes parameter, it fails t...

TomML · 05-13-2024

Nevermind - I got it import requests import json url = "https://orbital.amp.cisco.com/v0/script/run" payload = json.dumps({ "name": "Execute Powershell Cmdlet via API", "nodes": [ "amp:235xxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ], "expiry": ...

TomML · 05-13-2024

Thanks @eugechan , I created a new API client with Admin and Orbital options. I think I am making progress - I'll further review the API documentation. Appreciate your feedback!import requests import json url = "https://orbital.amp.cisco.com/v0/s...

TomML · 05-10-2024

I am a bit confused on the Orbital Script API document. I am hoping it is like using the Query body syntax where I can give it the name of the Script ("windows_exec_powershell_cmdlets" in this case) along with its arguments.import requests import js...

TomML · 11-20-2023

Thanks @UdupiKrishna @Robert Sherwin. Looks like we had some certificate issues in our environment. It's working as intended now.

TomML · 11-16-2023

Hi @CSCO11645642 , any luck with this? I have the same issue.

Member Since	‎11-18-2022 08:11 AM
Date Last Visited	‎07-26-2024 12:34 AM
Posts	17
Total Helpful Votes Received	3

User Statistics

User Activity

Cisco Email and Web Message Remediation API

Secure Endpoint API Call to Resolve a Compromise

Safelist Command Obfuscation With Symbols in Secure Endpoint

Secure Network Analytics integration with SecureX Security Ribbon

SecureX HTTP Request fails with encoded parameter in body

Re: Orbital Scripts API

Re: Orbital Scripts API

Re: Orbital Scripts API

Re: Issue with remediating Messages in Mailboxes with SMA Message Trac

Re: Issue with remediating Messages in Mailboxes with SMA Message Trac