-
Notifications
You must be signed in to change notification settings - Fork 56
/
index.json
1 lines (1 loc) · 6.25 KB
/
index.json
1
[{"name":"Cisco AMP","id":"AMP","description":"Uses CISCO AMP Endpoint","created":"2020-06-30T20:23:54Z","updated":"2020-11-23T06:33:47Z","legacy":true,"support":"xsoar","supportDetails":{"url":"https://www.paloaltonetworks.com/cortex"},"eulaLink":"https://github.com/demisto/content/blob/master/LICENSE","author":"Cortex XSOAR","authorImage":"content/packs/Base/Author_image.png","certification":"certified","price":0,"serverMinVersion":"5.0.0","currentVersion":"1.1.0","versionInfo":"2011305","commit":"20ff6ca4b0ead56fc7a630e70b53612c5ee58632","downloads":639,"tags":[],"categories":["Endpoint"],"contentItems":{"integration":[{"name":"AMP","description":"Uses CISCO AMP Endpoint","category":"Endpoint","commands":[{"name":"amp_get_computers","description":"Returns a list of computers on which agents are deployed. You can use filters (arguments) to narrow the search."},{"name":"amp_get_computer_by_connector","description":"Returns information for the specified computer."},{"name":"amp_get_computer_trajectory","description":"Returns a list of all activities associated with a particular computer. This is analogous to the Device Trajectory on the FireAMP Console. Use the Q argument to search for an IP address, SHA256 hash, or URL."},{"name":"amp_get_computer_trajctory","description":"Returns a list of all activities associated with a particular computer. This is analogous to the Device Trajectory on the FireAMP Console. Use the Q argument to search for an IP address, SHA256 hash, or URL."},{"name":"amp_move_computer","description":"Moves a computer to a group with the corresponding connector_guid and group_guid, respectively."},{"name":"amp_get_computer_activity","description":"This endpoint enables you to search all computers across your organization for any events or activities associated with a file or network operation, and returns computers that match the specified criteria. You can then query the /computers/{connector-guid}/trajectory endpoint for specific details."},{"name":"amp_get_computer_actvity","description":"This endpoint enables you to search all computers across your organization for any events or activities associated with a file or network operation, and returns computers that match the specified criteria. You can then query the /computers/{connector-guid}/trajectory endpoint for specific details."},{"name":"amp_get_events","description":"A general query interface for events. This is analogous to the Events view on the FireAMP Console."},{"name":"amp_get_event_types","description":"Events are identified and filtered by a unique ID. This endpoint provides a human readable name and short description of each event (by ID)."},{"name":"amp_get_application_blocking","description":"Returns a list of application blocking file lists. You can filter this list by name"},{"name":"amp_get_file_list_by_guid","description":"Returns a particular file list for application blocking or simple custom detection. You need to specify the file_list_guid argument to retrieve information about a particular file_list."},{"name":"amp_get_simple_custom_detections","description":"Returns a list of simple custom detection file lists. You can filter this list by detection name."},{"name":"amp_get_file_list_files","description":"Returns a list of items for a particular file_list. You need to specify the file_list_guid argument to retrieve these items."},{"name":"amp_get_file_list_files_by_sha","description":"Returns a particular item for a given file_list. You need to specify the sha256 argument and the file_list_guid argument to retrieve an item."},{"name":"amp_set_file_list_files_by_sha","description":"Adds a SHA256 hash to a file list, using file_list_guid."},{"name":"amp_delete_file_list_files_by_sha","description":"Deletes an item from a file_list using the SHA256 hash and file_list_guid."},{"name":"amp_get_groups","description":"Returns basic information about groups in your organization. You can map group names to GUIDs for filtering on the events endpoint."},{"name":"amp_get_group","description":"Returns a particular group"},{"name":"amp_set_group_policy","description":"Sets a security policy to a group of endpoints."},{"name":"amp_get_policies","description":"Returns a list of policies. You can filter this list by name and product."},{"name":"amp_get_policy","description":"Retrieves information about a particular policy, based on policy_guid."},{"name":"amp_get_version","description":"Fetches a list of versions."},{"name":"amp_delete_computers_isolation","description":"Performs a feature availability request on a computer. Can also be used as a course-grained isolation status request."},{"name":"amp_put_computers_isolation","description":"Request Isolation for a Computer. If a computer is already isolated a 409 Conflict error status will be sent. Returns the same result of a GET request on the /isolation endpoint."},{"name":"amp_get_computers_isolation","description":"Returns a fine grained isolation status for a computer. The available flag is set to true if isolation can be performed on the computer. status will be set to one of: not_isolated pending_start isolated pending_stop"}]}]},"searchRank":10,"integrations":[{"name":"AMP","imagePath":"content/packs/AMP/AMP_image.png"}],"useCases":[],"keywords":[],"dependencies":{"Base":{"mandatory":true,"minVersion":"1.15.7","author":"Cortex XSOAR","name":"Base","certification":"certified"}},"changeLog":{"1.0.0":{"releaseNotes":"Uses CISCO AMP Endpoint","displayName":"1.0.0 - 60526","released":"June 30, 2020"},"1.0.1":{"releaseNotes":"#### Integrations\\n##### Cisco AMP\\n- Fixed an issue where the `amp_move_computer` command would fail.\\n","displayName":"1.0.1 - R180529","released":"November 9, 2020"},"1.0.2":{"releaseNotes":"\\n#### Integrations\\n##### Cisco AMP\\n- Fixed an issue where commands would fail due to a syntax error caused while created their query parameters.\\n","displayName":"1.0.2 - 194714","released":"November 20, 2020"},"1.1.0":{"releaseNotes":"\\n#### Integrations\\n##### Cisco AMP\\n- Added the following commands.\\n - ***amp_delete_computers_isolation***: Requests to unlock a computer.\\n - ***amp_put_computers_isolation***: Requests to lock a computer.\\n - ***amp_get_computers_isolation***: Returns the isolation status of a computer.\\n","displayName":"1.1.0 - R264879","released":"November 23, 2020"}},"readme":null}]