What's New
API Changelog
2025-06-12 (v1)
Updated
- Windows ARM connectors can be downloaded using the following endpoint:
POST /v1/install_packages
2025-05-08 (v3)
Added
- Added Devices API endpoints for fetching devices:
GET /v3/organizations/{organizationIdentifier}/devices
GET /v3/organizations/{organizationIdentifier}/devices/{device_guid}
GET /v3/organizations/{organizationIdentifier}/devices/{device_guid}/vulnerabilities
Deprecated
GET /v1/computers/{connector_guid}/vulnerabilities
GET /v1/computers/{connector_guid}/os_vulnerabilities
2025-04-01 (v3)
Updated
- Changed response to '204 No Content' for the following endpoints:
PUT /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
DELETE /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
- Updated request parameters for the following endpoints:
POST /v3/organizations/{organizationIdentifier}/mssp/customers
PUT /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
- Removed default value from 'size' parameter for
GET /v3/organizations/{organizationIdentifier}/mssp/customers
- Changed 'businessGuid' to 'guid' in response for
POST /v3/organizations/{organizationIdentifier}/mssp/customers
2025-03-11 (v3)
Updated
- Generalized documentation cleanup for the policies section.
- Added a missing field
2025-03-03 (v3)
Added
- Added MSSP API endpoints for fetching customers, customer creation, customer status, update customer, and disable customer:
GET /v3/organizations/{organizationIdentifier}/mssp/customers
POST /v3/organizations/{organizationIdentifier}/mssp/customers
PUT /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
DELETE /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}
GET /v3/organizations/{organizationIdentifier}/mssp/customers/{customerGuid}/status
2024-02-13 (v1)
Deprecated
GET /v1/vulnerabilities
GET /v1/vulnerabilities/{sha256}/computers
2025-1-23
Updated
- Updated documentation for Host Firewall
GET /v3/organizations/{organizationIdentifier}/host_firewall/configurations/{configurationGuid}
- Updated documentation for Host Firewall
POST /v3/organizations/{organizationIdentifier}/host_firewall/configurations/{configurationGuid}/rules
2025-01-13
- Updated documentation for
POST /v3/policies/
- Added summaries to all policy api entries
2024-12-19 (v3)
Updated
- Added responses for GET
/v3/organizations/{organizationIdentifier}/vulnerabilities/{cveId}
2024-12-05
Added (v3)
POST /v3/organizations/{organizationIdentifier}/policies
2024-12-05 (v3)
Updated
- Updated documentation for
POST /v1/groups/
- Updated responses for GET /v3/organizations/{organizationIdentifier}/vulnerabilities
2024-11-19 (v1)
Added
- Added MSSP API endpoints for fetching customers, customer creation, customer status, disable customer, and fetching customers usage reports:
GET /v1/mssp/customers
POST /v1/mssp/customers
DELETE /v1/mssp/customers
GET /v1/mssp/customers/status
GET /v1/mssp/customer_usage_reports/total_monthly_usage
GET /v1/mssp/customer_usage_reports/detailed_monthly_usage
2024-11-07 (v3)
Changed
- Update documentation for GET /v3/organizations/{organizationIdentifier}/vulnerabilities
2024-10-10 (v0, v1, v3)
Changed
- Added host_firewall object to the response which includes host firewall status and host firewall configuration for the following endpoints:
GET /v0/computers
GET /v0/computers/{connectorGUID}
GET /v1/computers
GET /v1/computers/{connectorGUID}
Added
GET /v3/organizations/{organizationIdentifier}/vulnerabilities
2024-09-26 (v1)
Removed
- User trajectory endpoint
GET v1/computers/{connectorGUID}/user_trajectory
has been removed. Please useGET v1/computers/{connectorGUID}/trajectory
instead.
2024-08-01 (v1)
Changed
- Added bp_signature object to the response for
GET /v1/computers
andGET /v1/computers/{connectorGUID}
which includes behavioral protection signature version and last updated timestamp.
2024-07-31
Updated
Documentation and API Token generation has been updated to reflect the SecureX EoL.
2024-07-23 (v1)
Changed
Removed critical from risk_score filter parameter GET v1/computers
.
2024-06-20 (v1)
Deprecated
- User trajectory endpoint
GET v1/computers/{connectorGUID}/user_trajectory
is deprecated and will be removed on 2024-09-24. Please useGET v1/computers/{connectorGUID}/trajectory
instead.
Changed
- Trajectory endpoint
GET v1/computers/{connectorGUID}/trajectory
now supports searching for user names among other things.
2024-04-24 (v3)
Added
- Host Firewall endpoints
/v3/organizations/{organizationIdentifier}/host_firewall/
2024-03-12 (v0, v1)
Changed
- Improved descriptions for limit parameter
2024-01-31 (v1)
Changed
- Update with full list of Events GET /v1/audit_logs
2024-01-24 (v1)
Changed
- Added ARM architecture options to request and response for
POST /v1/install_packages
.
2024-01-22 (v1)
Changed
- Update with full list of Types
GET /v1/audit_logs_types
.
2024-01-16 (v1)
Changed
- Added architecture to request and response for
POST /v1/install_packages
.
2023-12-06 (v1)
Changed
- Response for
GET /v1/audit_logs
now includes an additional field ofmessage
for the audit logs GET /v1/computers/{connector_guid}
attribute name changed fromkenna_risk_score
torisk_score
Deprecated
GET /v1/computers
query parameterkenna_risk_score
2023-12-06 (v3)
Added
DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}
2023-10-23 (v0, v1)
Changed
- Added examples of events with
command_line
andnetwork_info
data for the following endpoints: GET /v0/computers/{connector_guid}/trajectory
GET /v1/computers/{connector_guid}/user_trajectory
GET /v1/computers/{connector_guid}/trajectory
2023-10-20 (v1)
Added
GET /v1/compromises
GET /v1/compromises/{connector_guid}
2023-10-11 (v3)
Changed
- Bad request response with a descriptive error message for
PUT /organizations/{organizationIdentifier}/computers/{computer_guid}/uninstall_request
2023-10-11 (v3, v1)
Changed
- Bad request response with a descriptive error message for
PUT /organizations/{organizationIdentifier}/computers/{computer_guid}/uninstall_request
Added
OPTIONS /v1/computers/
2023-09-27 (v3)
Added
GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/usb_mass_storage
- Returns the information about the USB mass storage device control configuration attached to the specified policy, if any.PUT /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/usb_mass_storage
- Assigns a USB mass storage device control configuration to the specified policy.DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/usb_mass_storage
- Removes the USB mass storage device control configuration from the specified policy, if any.GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/windows_portable_device
- Returns the information about the Windows portable device (WPD) device control configuration attached to the specified policy, if any.PUT /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/windows_portable_device
- Assigns a Windows portable device (WPD) device control configuration to the specified policy.DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration/windows_portable_device
- Removes the Windows portable device (WPD) device control configuration from the specified policy, if any.POST /organizations/{organizationIdentifier}/device_control/configurations
- Allows an extra attributedeviceClass
, with the supported values being either 'usb_mass_storage' or 'windows_portable_device'.
Deprecated
GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
PUT /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
2023-08-30 (v3)
Changed
- Bad request response with a descriptive error message for
PUT /organizations/{organizationIdentifier}/computers/{computer_guid}/uninstall_request
2023-08-23 (v1)
Removed
OPTIONS /v1/computers/{connector_guid}/isolation
2023-08-16 (v3)
Added
PUT /organizations/{organizationIdentifier}/computers/{computer_guid}/uninstall_request
- requests uninstallation for the connector with the given computer_guid.
2023-07-19 (v3)
GET /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}
- returns an extra attributedeviceClass
, with the default value as 'usb_mass_storage'.GET /organizations/{organizationIdentifier}/device_control/configurations
- returns an extra attributedeviceClass
, with the default value as 'usb_mass_storage'.POST /organizations/{organizationIdentifier}/device_control/configurations
- returns an extra attributedeviceClass
, with the default value as 'usb_mass_storage'.
2023-06-21 (v3)
Added
All device control-related endpoints now allow non-admins to access configurations they have given access to. With the exception of creating new configurations, non-admins can view and change permitted configurations.
GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
- returns an extra attributepermitted
which could be false when a non-admin doesn't have access to the configuration.GET /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}
- returns an extra attributeguid
on thebaseRule
which uniquely identifies the base rule.GET /organizations/{organizationIdentifier}/device_control/configurations
- returns an extra attributeguid
on thebaseRule
which uniquely identifies the base rule for each configuration.POST /organizations/{organizationIdentifier}/device_control/configurations
- returns an extra attributeguid
on thebaseRule
which uniquely identifies the base rule for the newly created configuration.
2023-06-07 (v3)
Added
POST /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}/rule_composer
- allows changes to be applied to multiple rules of the specified device control configuration with one request.
2023-05-25 (v1)
Added
- Response for
PUT /v1/policies/{policy_guid}/connector_upgrade
changed from202 Accepted
to200 Successful response
.
2023-04-26 (v1)
Added
GET /v1/policies/{policy_guid}/connector_upgrade
- shows connector version for a policy.PUT /v1/policies/{policy_guid}/connector_upgrade
- assigns connector version to a policy.DELETE /v1/policies/{policy_guid}/connector_upgrade
- unassigns connector version from a policy.
2023-03-29 (v0)
Added
- Optional parameters
start_time
andend_time
are accepted byGET /v0/computers/{connector_guid}/trajectory
to filter activities within the date-time range.
2023-03-29 (v1)
Added
- Optional parameters
start_time
andend_time
are accepted byGET /v1/computers/{connector_guid}/trajectory
to filter activities within the date-time range. - Optional parameters
start_time
andend_time
are accepted byGET /v1/computers/{connector_guid}/user_trajectory
to filter activities within the date-time range.
2023-03-01 (v1)
Added
- Response for
DELETE /v1/event_streams/{id}
changed from200 Successful response
to202 Accepted
. - Response for
GET /v1/indicators/{indicator_guid}
now includes an additional field ofextended_name
for the techniques
2023-03-01 (v3)
Added
- Bad request response with a descriptive error message for
GET /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
2023-02-07 (v3)
Added
- Links for policy delete and device_control_configuration in meta for
/organizations/{organizationIdentifier}/policies/{policyGuid}
.
2023-01-18 (v3)
Added
- Meta data to
/organizations/{organizationIdentifier}/policy_types
response body for consistency with other endpoints. - Response for
/organizations/{organizationIdentifier}/exclusion_sets/{exclusionSetGuid}/properties
changed from200 Successful response
to204 No content
. - Response for
PUT /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
changed from200 Successful response
to204 No content
. - Response for
DELETE /organizations/{organizationIdentifier}/policies/{policyGuid}/device_control_configuration
changed from200 Successful response
to204 No content
. - Response for
PUT /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}
changed from200 Successful response
to204 No content
. - Response for
PUT /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}/rules/{ruleGuid}
changed from200 Successful response
to204 No content
. - Successful response for
POST /organizations/{organizationIdentifier}/device_control/configurations/{configurationGuid}/rules
will no longer return any response body. The URL of the newly created rule can be obtained from the Location header.
2022-12-07 (v3)
Added
- Documentation for filtering policies by assigned device control configuration.
2022-11-29 (v3)
Added
- Documentation for showing a device control rule.
2022-11-28 (v3)
Added
- Documentation for Indicators of Compromise (IOC) APIs.
- Documentation for IOC Exclusions.
2022-11-23 (v3)
Added
- Documentation for listing device control configurations within an organization, including sort and search.
- Documentation for creating device control configurations.
- Documentation for updating device control configurations properties.
- Documentation for showing device control configuration details.
- Documentation for deleting device control configurations from organization.
- Documentation for listing rules that belong to a device control configuration.
- Documentation for adding rules to a device control configuration.
- Documentation for updating rules that belong to a device control configuration.
- Documentation for deleting rules from a device control configuration.
- Documentation for assigning a device control configuration to a policy.
- Documentation for un-assigning device control configuration from a policy.
Updated
- Improved descriptions for several endpoints.
2022-10-26 (v3)
Added
- Documentation for showing exclusion sets properties.
- Documentation for updating exclusion sets properties.
- Documentation for sorting policies by name and direction.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.
2022-09-28 (v0, v1)
- API Documentation for the v0 / v1 APIs have been migrated to DevNet.
2022-07-12 (v3)
Added
- Documentation for listing Cisco-Maintained exclusion sets available to all organizations.
- Documentation for creating exclusion sets within organization.
- Documentation for listing exclusion sets available to user within organization.
- Documentation for listing exclusion sets applied to a policy.
- Documentation for showing exclusion set details.
- Documentation for deleting exclusion sets from organization.
- Documentation for adding an exclusion set to a policy.
- Documentation for removing an exclusion set from a policy.
- Documentation for getting list of exclusions for any exclusion set (that user has access to) found in their organization.
- Documentation for removing exclusion from an exclusion set.
- Documentation for showing exclusion details.
- Documentation for creating exclusion within organization.
- Documentation for policy types now is in the Policy section.
Deprecated
- Nothing.
Removed
- Nothing.
Fixed
- Nothing.