Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-based software-as-a-service (SaaS) endpoint security solution. Cisco AMP connectors are deployed on Windows, Linux, and Mac endpoints. Events from the AMP connectors are forwarded to the cloud deployment and, optionally, to an on-prem Firepower Management Console (FMC) appliance.

Cisco AMP Application Programming Interface (API)

Cisco provides a REST-based API for AMP that allows you to pull data from an AMP for Endpoints deployment and manipulate it if necessary. The Cisco AMP API documentation can be found at https://api-docs.amp.cisco.com.

It’s important to note that the API is location-based and varies depending on where your AMP instance resides.

Currently, three regions exist:

There are also two versions of the API: v0 and v1. This guide uses v1 of the API.

