Secure Endpoint API - What's New

What's New

API Changelog

2025-06-12 (v1)

Updated

  • Windows ARM connectors can be downloaded using the following endpoint:
    • POST /v1/install_packages

2025-05-08 (v3)

Added

  • Added Devices API endpoints for fetching devices:
    • GET /v3/organizations/{organizationIdentifier}/devices
    • GET /v3/organizations/{organizationIdentifier}/devices/{device_guid}
    • GET /v3/organizations/{organizationIdentifier}/devices/{device_guid}/vulnerabilities

Deprecated

  • GET /v1/computers/{connector_guid}/vulnerabilities
  • GET /v1/computers/{connector_guid}/os_vulnerabilities

2025-04-01 (v3)

Updated

  • Changed response to '204 No Content' for the following endpoints:
    • PUT /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
    • DELETE /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
  • Updated request parameters for the following endpoints:
    • POST /v3/organizations/{organizationIdentifier}/mssp/customers
    • PUT /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
  • Removed default value from 'size' parameter for GET /v3/organizations/{organizationIdentifier}/mssp/customers
  • Changed 'businessGuid' to 'guid' in response for POST /v3/organizations/{organizationIdentifier}/mssp/customers

2025-03-11 (v3)

Updated

  • Generalized documentation cleanup for the policies section.
  • Added a missing field

2025-03-03 (v3)

Added

  • Added MSSP API endpoints for fetching customers, customer creation, customer status, update customer, and disable customer:
    • GET /v3/organizations/{organizationIdentifier}/mssp/customers
    • POST /v3/organizations/{organizationIdentifier}/mssp/customers
    • PUT /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
    • DELETE /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
    • GET /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}/status

2024-02-13 (v1)

Deprecated

  • GET /v1/vulnerabilities
  • GET /v1/vulnerabilities/{sha256}/computers

2025-1-23

Updated

  • Updated documentation for Host Firewall GET /v3/organizations/{organizationIdentifier}/host_firewall/configurations/{configurationGuid}
  • Updated documentation for Host Firewall POST /v3/organizations/{organizationIdentifier}/host_firewall/configurations/{configurationGuid}/rules

2025-01-13

  • Updated documentation for POST /v3/policies/
  • Added summaries to all policy api entries

2024-12-19 (v3)

Updated

  • Added responses for GET /v3/organizations/{organizationIdentifier}/vulnerabilities/{cveId}

2024-12-05

Added (v3)

  • POST /v3/organizations/{organizationIdentifier}/policies

2024-12-05 (v3)

Updated

  • Updated documentation for POST /v1/groups/
  • Updated responses for GET /v3/organizations/{organizationIdentifier}/vulnerabilities

2024-11-19 (v1)

Added

  • Added MSSP API endpoints for fetching customers, customer creation, customer status, disable customer, and fetching customers usage reports:
    • GET /v1/mssp/customers
    • POST /v1/mssp/customers
    • DELETE /v1/mssp/customers
    • GET /v1/mssp/customers/status
    • GET /v1/mssp/customer_usage_reports/total_monthly_usage
    • GET /v1/mssp/customer_usage_reports/detailed_monthly_usage

2024-11-07 (v3)

Changed

  • Update documentation for GET /v3/organizations/{organizationIdentifier}/vulnerabilities

2024-10-10 (v0, v1, v3)

Changed

  • Added host_firewall object to the response which includes host firewall status and host firewall configuration for the following endpoints:
    • GET /v0/computers
    • GET /v0/computers/{connectorGUID}
    • GET /v1/computers
    • GET /v1/computers/{connectorGUID}

Added

  • GET /v3/organizations/{organizationIdentifier}/vulnerabilities

2024-09-26 (v1)

Removed

  • User trajectory endpoint GET v1/computers/{connectorGUID}/user_trajectory has been removed. Please use GET v1/computers/{connectorGUID}/trajectory instead.

2024-08-01 (v1)

Changed

  • Added bp_signature object to the response for GET /v1/computers and GET /v1/computers/{connectorGUID} which includes behavioral protection signature version and last updated timestamp.

2024-07-31

Updated

Documentation and API Token generation has been updated to reflect the SecureX EoL.

2024-07-23 (v1)

Changed

Removed critical from risk_score filter parameter GET v1/computers.

2024-06-20 (v1)

Deprecated

  • User trajectory endpoint GET v1/computers/{connectorGUID}/user_trajectory is deprecated and will be removed on 2024-09-24. Please use GET v1/computers/{connectorGUID}/trajectory instead.

Changed

  • Trajectory endpoint GET v1/computers/{connectorGUID}/trajectory now supports searching for user names among other things.

2024-04-24 (v3)

Added

  • Host Firewall endpoints /v3/organizations/{organizationIdentifier}/host_firewall/

2024-03-12 (v0, v1)

Changed

  • Improved descriptions for limit parameter

2024-01-31 (v1)

Changed

  • Update with full list of Events GET /v1/audit_logs

2024-01-24 (v1)

Changed

  • Added ARM architecture options to request and response for POST /v1/install_packages.

2024-01-22 (v1)

Changed

  • Update with full list of Types GET /v1/audit_logs_types.

2024-01-16 (v1)

Changed

  • Added architecture to request and response for POST /v1/install_packages.

2023-12-06 (v1)

Changed

  • Response for GET /v1/audit_logs now includes an additional field of message for the audit logs
  • GET /v1/computers/{connector_guid} attribute name changed from kenna_risk_score to risk_score

Deprecated

  • GET /v1/computers query parameter kenna_risk_score

2023-12-06 (v3)

Added

  • DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}

2023-10-23 (v0, v1)

Changed

  • Added examples of events with command_line and network_info data for the following endpoints:
  • GET /v0/computers/{connector_guid}/trajectory
  • GET /v1/computers/{connector_guid}/user_trajectory
  • GET /v1/computers/{connector_guid}/trajectory

2023-10-20 (v1)

Added

  • GET /v1/compromises
  • GET /v1/compromises/{connector_guid}

2023-10-11 (v3)

Changed

  • Bad request response with a descriptive error message for PUT /organizations/{organizationIdentifier}/computers/{computer_guid}/uninstall_request

2023-10-11 (v3, v1)

Changed

  • Bad request response with a descriptive error message for PUT /organizations/{organizationIdentifier}/computers/{computer_guid}/uninstall_request

Added

  • OPTIONS /v1/computers/

2023-09-27 (v3)

Added

  • GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/usb_mass_storage - Returns the information about the USB mass storage device control configuration attached to the specified policy, if any.
  • PUT /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/usb_mass_storage - Assigns a USB mass storage device control configuration to the specified policy.
  • DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/usb_mass_storage - Removes the USB mass storage device control configuration from the specified policy, if any.
  • GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/windows_portable_device - Returns the information about the Windows portable device (WPD) device control configuration attached to the specified policy, if any.
  • PUT /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/windows_portable_device - Assigns a Windows portable device (WPD) device control configuration to the specified policy.
  • DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/windows_portable_device - Removes the Windows portable device (WPD) device control configuration from the specified policy, if any.
  • POST /organizations/{organizationIdentifier}/device_control/configurations - Allows an extra attribute deviceClass, with the supported values being either 'usb_mass_storage' or 'windows_portable_device'.

Deprecated

  • GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
  • PUT /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
  • DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration

2023-08-30 (v3)

Changed

  • Bad request response with a descriptive error message for PUT /organizations/{organizationIdentifier}/computers/{computer_guid}/uninstall_request

2023-08-23 (v1)

Removed

  • OPTIONS /v1/computers/{connector_guid}/isolation

2023-08-16 (v3)

Added

  • PUT /organizations/{organizationIdentifier}/computers/{computer_guid}/uninstall_request - requests uninstallation for the connector with the given computer_guid.

2023-07-19 (v3)

  • GET /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid} - returns an extra attribute deviceClass, with the default value as 'usb_mass_storage'.
  • GET /organizations/{organizationIdentifier}/device_control/configurations - returns an extra attribute deviceClass, with the default value as 'usb_mass_storage'.
  • POST /organizations/{organizationIdentifier}/device_control/configurations - returns an extra attribute deviceClass, with the default value as 'usb_mass_storage'.

2023-06-21 (v3)

Added

  • All device control-related endpoints now allow non-admins to access configurations they have given access to. With the exception of creating new configurations, non-admins can view and change permitted configurations.

  • GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration - returns an extra attribute permitted which could be false when a non-admin doesn't have access to the configuration.

  • GET /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid} - returns an extra attribute guid on the baseRule which uniquely identifies the base rule.

  • GET /organizations/{organizationIdentifier}/device_control/configurations - returns an extra attribute guid on the baseRule which uniquely identifies the base rule for each configuration.

  • POST /organizations/{organizationIdentifier}/device_control/configurations - returns an extra attribute guid on the baseRule which uniquely identifies the base rule for the newly created configuration.

2023-06-07 (v3)

Added

  • POST /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}/rule_composer - allows changes to be applied to multiple rules of the specified device control configuration with one request.

2023-05-25 (v1)

Added

  • Response for PUT /v1/policies/{policy_guid}/connector_upgrade changed from 202 Accepted to 200 Successful response.

2023-04-26 (v1)

Added

  • GET /v1/policies/{policy_guid}/connector_upgrade - shows connector version for a policy.
  • PUT /v1/policies/{policy_guid}/connector_upgrade - assigns connector version to a policy.
  • DELETE /v1/policies/{policy_guid}/connector_upgrade - unassigns connector version from a policy.

2023-03-29 (v0)

Added

  • Optional parameters start_time and end_time are accepted by GET /v0/computers/{connector_guid}/trajectory to filter activities within the date-time range.

2023-03-29 (v1)

Added

  • Optional parameters start_time and end_time are accepted by GET /v1/computers/{connector_guid}/trajectory to filter activities within the date-time range.
  • Optional parameters start_time and end_time are accepted by GET /v1/computers/{connector_guid}/user_trajectory to filter activities within the date-time range.

2023-03-01 (v1)

Added

  • Response for DELETE /v1/event_streams/{id} changed from 200 Successful response to 202 Accepted.
  • Response for GET /v1/indicators/{indicator_guid} now includes an additional field of extended_name for the techniques

2023-03-01 (v3)

Added

  • Bad request response with a descriptive error message for GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration

2023-02-07 (v3)

Added

  • Links for policy delete and device_control_configuration in meta for /organizations/{organizationIdentifier}/policies/{policyGuid}.

2023-01-18 (v3)

Added

  • Meta data to /organizations/{organizationIdentifier}/policy_types response body for consistency with other endpoints.
  • Response for /organizations/{organizationIdentifier}/exclusion_sets/{exclusionSetGuid}/properties changed from 200 Successful response to 204 No content.
  • Response for PUT /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration changed from 200 Successful response to 204 No content.
  • Response for DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration changed from 200 Successful response to 204 No content.
  • Response for PUT /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid} changed from 200 Successful response to 204 No content.
  • Response for PUT /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}/rules/{ruleGuid} changed from 200 Successful response to 204 No content.
  • Successful response for POST /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}/rules will no longer return any response body. The URL of the newly created rule can be obtained from the Location header.

2022-12-07 (v3)

Added

  • Documentation for filtering policies by assigned device control configuration.

2022-11-29 (v3)

Added

  • Documentation for showing a device control rule.

2022-11-28 (v3)

Added

  • Documentation for Indicators of Compromise (IOC) APIs.
  • Documentation for IOC Exclusions.

2022-11-23 (v3)

Added

  • Documentation for listing device control configurations within an organization, including sort and search.
  • Documentation for creating device control configurations.
  • Documentation for updating device control configurations properties.
  • Documentation for showing device control configuration details.
  • Documentation for deleting device control configurations from organization.
  • Documentation for listing rules that belong to a device control configuration.
  • Documentation for adding rules to a device control configuration.
  • Documentation for updating rules that belong to a device control configuration.
  • Documentation for deleting rules from a device control configuration.
  • Documentation for assigning a device control configuration to a policy.
  • Documentation for un-assigning device control configuration from a policy.

Updated

  • Improved descriptions for several endpoints.

2022-10-26 (v3)

Added

  • Documentation for showing exclusion sets properties.
  • Documentation for updating exclusion sets properties.
  • Documentation for sorting policies by name and direction.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.

2022-09-28 (v0, v1)

  • API Documentation for the v0 / v1 APIs have been migrated to DevNet.

2022-07-12 (v3)

Added

  • Documentation for listing Cisco-Maintained exclusion sets available to all organizations.
  • Documentation for creating exclusion sets within organization.
  • Documentation for listing exclusion sets available to user within organization.
  • Documentation for listing exclusion sets applied to a policy.
  • Documentation for showing exclusion set details.
  • Documentation for deleting exclusion sets from organization.
  • Documentation for adding an exclusion set to a policy.
  • Documentation for removing an exclusion set from a policy.
  • Documentation for getting list of exclusions for any exclusion set (that user has access to) found in their organization.
  • Documentation for removing exclusion from an exclusion set.
  • Documentation for showing exclusion details.
  • Documentation for creating exclusion within organization.
  • Documentation for policy types now is in the Policy section.

Deprecated

  • Nothing.

Removed

  • Nothing.

Fixed

  • Nothing.