Dashboard API Docs

The Dashboard API allows developers access the data of the tiles in the Cisco XDR Control Center. These APIs are read-only and only allow you to retrieve information that is being published by the various integration modules. Normally this API is used by the Cisco XDR Control Center UI to populate the dashboard tiles, however this can be very useful for when creating reports.

Use Cases

Access data from dashboard tiles for specific time ranges.
Create reports based on returned data.

How to use the API Docs

Use the interactive documentation to explore the Dashboard API endpoints. Each request will have a complete description of all the required parameters and it also allows you to instantly try it out in the online console. Code templates are also provided for you to quickly build scripts.

In the interactive explorer, the Client ID and Client Secret has been pre-filled and will allow you to make read-only API requests. These credentials will allow you to get an Access Token, which will be stored for subsequent API requests and regenerated when it expires.

Note: The interactive documentation uses read-only credentials and the try it out feature will only work with GET and selected POSTrequests.

To try other Dashboard API requests, go to https://visibility.amp.cisco.com/iroh/iroh-dashboard/index.html

Generate an Access Token

In the interactive API explorer, the Access Token is automatically generated using the pre-filled Client ID and Client Secret so you do not need to generate it yourself.

If you want to understand how the Access Token is generated from the Client ID and Client Secret credentials, take a look at the Authentication page.

For detailed instructions on how to use the interactive API documentation (or your own Python script), see the Getting Started page.

Download the Dashboard OpenAPI Specification

Download the Dashboard OpenAPI specification (OAS) file here.

Sample Code

Below is an example of how to use the Dashboard API.

import json
import requests

# create headers for API request (See the OAuth2 overview page for sample code to generate an access token)
access_token = 'eyJhbGciO....bPito5n5Q' # truncated example, generate JWT token separately
bearer_token = 'Bearer ' + access_token

# retrieve available dashboard tiles for an org
url = 'https://visibility.amp.cisco.com/iroh/iroh-dashboard/tiles'

headers = {
            'Authorization': bearer_token,
            'Content-Type':'application/json',
            'Accept':'application/json'
}

payload = {
            'content': '1.2.3.4 foo bar internetbadguys.com'
}

response = requests.get(url, headers=headers)
print(response.text)

if response.status_code == 200:
    # convert the response to a dict object
    response_json = json.loads(response.text)

    # get the list of tiles
    tiles = response_json['data']

    # iterate through the list of tiles
    for tile in tiles:
        # get the values from a tile (remainder values are accessed in the same way)
        id = tile['id']
        description = tile['description']
        periods = tile['periods']

Download OpenAPI Document