Pinned Repositories
amp-01-basics
Scripts that cover the basics of interacting with the AMP for Endpoints API
amp-05-health-checker-windows
amp-05-windows-tune
fp-05-firepower-cef-connector-arcsight
Cisco eStreamer client
fp-05-firepower-cli
Public Repo for an eStreamer CLI project
sxo-05-security-workflows
Workflows, atomic actions, and documentation for SecureX orchestration
tg-01-basics
Scripts that cover the basics of interacting with the Threat Grid API
tg-04-bulk-submit
Submit files in bulk to Threat Grid via the API
tr-05-api-module
Threat Response API Module
wiki
Wiki for general information about repositories
Cisco Security's Repositories
CiscoSecurity/wiki
Wiki for general information about repositories
CiscoSecurity/tg-04-bulk-submit
Submit files in bulk to Threat Grid via the API
CiscoSecurity/amp-02-fetch-computer-information
Examples of parsing specific elements from the JSON returned from the /computers endpoint
CiscoSecurity/amp-03-pagination
Example of handling pagination with the AMP for Endpoint API
CiscoSecurity/amp-04-sha256-to-command-line-arguments
Enter a SHA256 and return a list of the associated command line arguments
CiscoSecurity/tg-01-download-analysis-results
Scripts that demonstrate how to download analysis results from Threat Grid
CiscoSecurity/tg-04-indicator-to-ips-domains
Query Threat Grid for one or more indicators and get a list of public IPs and domains
CiscoSecurity/tg-04-rate-limit-check
Check the user and organization Threat Grid API rate limits for a given API Key
CiscoSecurity/amp-02-parse-computer-activity-results
Examples of parsing specific elements from the JSON returned from the /computers/activity endpoint
CiscoSecurity/amp-04-check-sha256-execution
Check if a given SHA256 has been executed in an AMP for Endpoints environment
CiscoSecurity/amp-04-process-name-to-network-connections
Searches an environment for a process name and collects observed network connections
CiscoSecurity/amp-inv-tg-05-chrome-extension
Chrome extension to pivot into AMP for Endpoint, Umbrella Investigate, or Threat Grid
CiscoSecurity/amp-inv-tg-05-firefox-extension
Firefox extension to pivot into AMP for Endpoint, Umbrella Investigate, or Threat Grid
CiscoSecurity/tg-amp-03-get-samples-add-to-scd
Get samples from Threat Grid and add the SHA256 to AMP Simple Custom Detection
CiscoSecurity/tr-01-authentication
Example scripts for authenticating to the Threat Response APIs
CiscoSecurity/tr-01-response
Example scripts for the Threat Response Response API
CiscoSecurity/amp-04-search-computers-by-cidr-block
Searches an AMP for Endpoints environment for computers with an IP Address that is part of a CIDR block
CiscoSecurity/amp-04-sha256-to-network-connections
Searches an environment for a SHA256 and collects observed network connections
CiscoSecurity/amp-inv-tg-05-edge-extension
Edge extension to pivot into AMP for Endpoint, Umbrella Investigate, or Threat Grid
CiscoSecurity/tg-01-tags
Scripts to leverage tagging capabilities of Threat Grid
CiscoSecurity/tg-04-continuous-sample-collection
Example of continuously collecting Sample IDs from Threat Grid for an organization's submitted samples