1-Secure Endpoint

Initialize Variables

Initialize: Set Variables

APIv1 - queries-Audit Logs

All Audit Log Types Audit Log Type - AllowList

APIv1 - queries-Computers

Search computer by name and store additional values Search computer by IP Specific computer by GUID Trajectory

APIv1 - queries-Computer Activity (Hunting)-Query for Sightings

Which computer reported URL (Demo data)

APIv1 - queries-Computer Activity (Hunting)-Investigate

Computer Object Group Object Computer Trajectory

APIv1 - queries-Endpoint Isolation

Isolation feature availability for endpoint Isolation status for endpoint Isolation Start Isolation Stop

APIv1 - queries-Events and Event Types-Events Per Computer

Event Type: Behavioral Protection for specific computer

APIv1 - queries-Events and Event Types

All Event Types Computer Events by SHA256

APIv1 - queries-File List

Show Application Blocking List by name Show all Simple Custom Detection Lists by name

APIv1 - queries-Forensic Snapshot (Hunting)

List Forensic Snapshots for Computer

APIv1 - queries-Indicators (Hunting)

List all available indicators with Event Count

APIv1 - queries-Vulnerabilities (Hunting)

Vulnerable Applications by GroupGUID OS Vulnerabilities per Computer Vulnerable Applications by SHA256 and Computers

APIv1 - queries-Compromise Inbox (Hunting)

Compromises - Inbox

APIv1 - queries-Manage ORG-Event Streams

List Event Streams List Event Stream by ID

APIv1 - queries-Manage ORG-Webhooks

List Webhooks Delete Webhook by ID

APIv1 - queries-Deployment Packages

Create Deployment package Create Deployment package Copy

Use Cases-Create and Delete Groups demo

Refill Sub-Group GUID if missing 4-Generate Sub-Group 5-Move Sub-Group under Top Group 6-Delete Top group by GUID 7-Delete Sub-group by GUID

APIv3 - queries-1-Generate Bearer Token first

APIv3 Generate Security Cloud API Access Token APIv3 Generate SE API Access Token APIv3 Access Secure Endpoint API - multiple ORGs

APIv3 - queries-Exclusions

List Exclusion Set Entries - Windows List Cisco Maintained Exlcusions Create Exclusion List List Exclusion List Property by GUID Change Exclusion List Property by GUID (Name)Delete Exclusion List

APIv3 - queries-Device Control-DVC: List all configurations

List Device Control Configurations - ALL

APIv3 - queries-Device Control-DVC: Check if configuration exists

DVC: Check BaseRule and update variable DVC: Check exception rule is already there

APIv3 - queries-Device Control-DVC: Add configuration and exeption rule

1-Add a DVC Configuration Add DVC Rule to given DVC configuration List DVC Rulses for given DVC configuration

APIv3 - queries-Device Control-DVC: remove configuration

1a-Update DVC Configuration Remove a DVC exeption rule Remove a DVC Configuration

APIv3 - queries-IOCs

APIv3 - queries-Policies

List all Policy Objects (Search Parameters)List all Policy Types (dynamic Visualizer)Delete Policy Object

APIv3 - queries-Uninstall the connector

Uninstall the connector

APIv3 - queries-Firewall-FW: List all configurations

List Host Firewall Configurations

APIv3 - queries-Firewall-FW Get Host Firewall Configuration Properties by GUID

Get Host Firewall Configuration Properties by GUID

APIv3 - queries-Firewall-FW: List Firewall Configuration Rules

List Firewall Configuratin Rules

APIv3 - queries-Firewall-FW: Get Firewall Rule Details

Get Firewall Rule Details

APIv3 - queries-Firewall-FW: Create/Rename/Delete Firewall Configuration

Create Firewall Configuration Update Firewall Configuration - Default Action Block Delete Firewall Configuration

APIv3 - queries-Firewall-FW: Create/Delete Firewall Rule

Create Firewall Rule Delete Firewall Rule

APIv3 - queries-Firewall-FW: My personal FW Test Ruleset

APIv3 Generate Security Cloud API Access Token Copy APIv3 Generate SE API Access Token Copy Create Firewall Configuration Internetbadguys - Demo Site

Authorize with Token

1-Orbital Generate Token 2-Orbital Check Status

Query Catalog entries

Get public stock query catalogue Get Organization catalog queries

Queries-3-Generate Queries-3a-Probe Endpoints

Queries-3-Generate Queries-3b-StockQueries

Query by catalog ID: installed_programs_monitoring (Win)

Queries-4-Review Result

4-Orbital Job Status 4-Orbital Show Result

Queries-5-Manage ORG

4-List Webhooks Delete Webhook

Scripts-Script Catalog entries

Get all catalog stock queries Get Organization catalog scripts

Scripts-Get Script Details

Get Script Details by scriptID

Scripts-Script Live Execution

Live execution of a script - os:windows

3-Private Intelligence

1-Generate Bearer Token first

APIv3 Generate SecureX API Access Token

Create Casebook Shows Casebook Content Delete Casebook by ID

DemoData_CozyDuke_Casebook

Check: CozyDuke Create: CozyDuke Delete: CozyDuke

Infos about observable

SHA256: get verdicts SHA256: get judgements SHA256: get indicators IP: get verdicts IP: get judgements IP: get indicators Domain: get verdicts Domain: get judgements Domain: get indictors

List All Casebooks Search Casebooks: all content Search Casebooks: title only Search Casebooks: description CTIA: Metrics CTIA: Properties CTIA: Status CTIA: Version

1-Secure Endpoint

Initialize Variables

Initialize: Set Variables

APIv1 - queries-Audit Logs

All Audit Log Types Audit Log Type - AllowList

APIv1 - queries-Computers

Search computer by name and store additional values Search computer by IP Specific computer by GUID Trajectory

APIv1 - queries-Computer Activity (Hunting)-Query for Sightings

Which computer reported URL (Demo data)

APIv1 - queries-Computer Activity (Hunting)-Investigate

Computer Object Group Object Computer Trajectory

APIv1 - queries-Endpoint Isolation

Isolation feature availability for endpoint Isolation status for endpoint Isolation Start Isolation Stop

APIv1 - queries-Events and Event Types-Events Per Computer

Event Type: Behavioral Protection for specific computer

APIv1 - queries-Events and Event Types

All Event Types Computer Events by SHA256

APIv1 - queries-File List

Show Application Blocking List by name Show all Simple Custom Detection Lists by name

APIv1 - queries-Forensic Snapshot (Hunting)

List Forensic Snapshots for Computer

APIv1 - queries-Indicators (Hunting)

List all available indicators with Event Count

APIv1 - queries-Vulnerabilities (Hunting)

Vulnerable Applications by GroupGUID OS Vulnerabilities per Computer Vulnerable Applications by SHA256 and Computers

APIv1 - queries-Compromise Inbox (Hunting)

Compromises - Inbox

APIv1 - queries-Manage ORG-Event Streams

List Event Streams List Event Stream by ID

APIv1 - queries-Manage ORG-Webhooks

List Webhooks Delete Webhook by ID

APIv1 - queries-Deployment Packages

Create Deployment package Create Deployment package Copy

Use Cases-Create and Delete Groups demo

Refill Sub-Group GUID if missing 4-Generate Sub-Group 5-Move Sub-Group under Top Group 6-Delete Top group by GUID 7-Delete Sub-group by GUID

APIv3 - queries-1-Generate Bearer Token first

APIv3 Generate Security Cloud API Access Token APIv3 Generate SE API Access Token APIv3 Access Secure Endpoint API - multiple ORGs

APIv3 - queries-Exclusions

List Exclusion Set Entries - Windows List Cisco Maintained Exlcusions Create Exclusion List List Exclusion List Property by GUID Change Exclusion List Property by GUID (Name)Delete Exclusion List

APIv3 - queries-Device Control-DVC: List all configurations

List Device Control Configurations - ALL

APIv3 - queries-Device Control-DVC: Check if configuration exists

DVC: Check BaseRule and update variable DVC: Check exception rule is already there

APIv3 - queries-Device Control-DVC: Add configuration and exeption rule

1-Add a DVC Configuration Add DVC Rule to given DVC configuration List DVC Rulses for given DVC configuration

APIv3 - queries-Device Control-DVC: remove configuration

1a-Update DVC Configuration Remove a DVC exeption rule Remove a DVC Configuration

APIv3 - queries-IOCs

APIv3 - queries-Policies

List all Policy Objects (Search Parameters)List all Policy Types (dynamic Visualizer)Delete Policy Object

APIv3 - queries-Uninstall the connector

Uninstall the connector

APIv3 - queries-Firewall-FW: List all configurations

List Host Firewall Configurations

APIv3 - queries-Firewall-FW Get Host Firewall Configuration Properties by GUID

Get Host Firewall Configuration Properties by GUID

APIv3 - queries-Firewall-FW: List Firewall Configuration Rules

List Firewall Configuratin Rules

APIv3 - queries-Firewall-FW: Get Firewall Rule Details

Get Firewall Rule Details

APIv3 - queries-Firewall-FW: Create/Rename/Delete Firewall Configuration

Create Firewall Configuration Update Firewall Configuration - Default Action Block Delete Firewall Configuration

APIv3 - queries-Firewall-FW: Create/Delete Firewall Rule

Create Firewall Rule Delete Firewall Rule

APIv3 - queries-Firewall-FW: My personal FW Test Ruleset

APIv3 Generate Security Cloud API Access Token Copy APIv3 Generate SE API Access Token Copy Create Firewall Configuration Internetbadguys - Demo Site

Authorize with Token

1-Orbital Generate Token 2-Orbital Check Status

Query Catalog entries

Get public stock query catalogue Get Organization catalog queries

Queries-3-Generate Queries-3a-Probe Endpoints

Queries-3-Generate Queries-3b-StockQueries

Query by catalog ID: installed_programs_monitoring (Win)

Queries-4-Review Result

4-Orbital Job Status 4-Orbital Show Result

Queries-5-Manage ORG

4-List Webhooks Delete Webhook

Scripts-Script Catalog entries

Get all catalog stock queries Get Organization catalog scripts

Scripts-Get Script Details

Get Script Details by scriptID

Scripts-Script Live Execution

Live execution of a script - os:windows

3-Private Intelligence

1-Generate Bearer Token first

APIv3 Generate SecureX API Access Token

Create Casebook Shows Casebook Content Delete Casebook by ID

DemoData_CozyDuke_Casebook

Check: CozyDuke Create: CozyDuke Delete: CozyDuke

Infos about observable

SHA256: get verdicts SHA256: get judgements SHA256: get indicators IP: get verdicts IP: get judgements IP: get indicators Domain: get verdicts Domain: get judgements Domain: get indictors

List All Casebooks Search Casebooks: all content Search Casebooks: title only Search Casebooks: description CTIA: Metrics CTIA: Properties CTIA: Status CTIA: Version

Home 1-Secure Endpoint APIv3 - queries-1-Generate Bearer Token firstAPIv3 Generate SE API Access Token

APIv3 Generate SE API Access Token

POST https://api.amp.cisco.com/v3/access_tokens

APIv3 Generate Security Cloud API Access Token

APIv3 Access Secure Endpoint API - multiple ORGs