Fetch Asset Details Using SearchAfter

For API version information, refer to the API Version History section.

Non-Versioned | V1.0

Non-Versioned

This API provides comprehensive asset details without limitations. Filter data by date range for greater flexibility in managing and accessing asset information according to your requirements. 

This API involves a two-step process: an Initial Request to start the process and a Follow-Up Request to complete it. Both steps are necessary to ensure the full execution of the API operation. 

GET /ioc/asset/searchAfter

Input Parameters

Input Parameters | Mandatory/Optional | Format | Description

Authorization | Mandatory | String
Use this token to authenticate with the Qualys Enterprise TruRisk™ Platform.
Prefix the token with "Bearer" followed by a space.
For example: Bearer authToken.

searchAfterValues | Mandatory for Follow-up request | Array
Enter a value for pagination to start fetching the next set of results.
For example: 1722538573707,b2xxx2c4-xxx9-352f-8xx6-axxce3xx37ax
Note: This is the value from the searchAfterValue header returned in the previous response. If not provided, the API will return the first page of results.

filter | Optional | String
Filter the asset list by providing a query using Qualys syntax. Refer to the How to Search topic in the online help for assistance with creating your query.
For example: asset.timestamp: ["2024-07-08T12:01:12.012+0000" .. "2024-08-09T12:01:12.012+0000"] and asset.platform: 'Windows'
You can filter assets based on the timestamp on the asset (asset.timestamp) or based on the time they are reported at Qualys (asset.lastreportedtime). It is recommended to use the "asset.timestamp" or "asset.lastreportedtime" parameter if you want to fetch incidents by date AND time.

pageNumber | Optional | String
Specify the page number to retrieve in a paginated response, with 0 being the first page. If not provided, the default value is typically the first page.
For example: 10

pageSize | Optional | String
Specify the number of items to return per page in a paginated response. The default is 10.
For example, if you choose 50, each page will show up to 50 items.

include_attributes | Optional | String
Provide a comma-separated list of additional attributes to include in search results. Only the included attributes will be fetched in the API response.
For example: state

exclude_attributes | Optional | String
Provide a comma-separated list of additional attributes to exclude from search results.
For example: lastquarantinetime,asset.platform
Note: You do not need to exclude specific attributes if you have included specific attributes using the include_attributes parameter. By default, not-included attributes are excluded.

Sample - Initial Request

API Request

curl -L -X GET '<qualys_base_url>/ioc/asset/searchAfter' \
  -H 'Authorization: Bearer <token>'

Response

[
    {
        "timeStamp": "2024-01-16T11:40:16.147+0000",
        "hostName": "winXXqXX",
        "edrActivatedOnDate": "2024-01-16T09:25:14.000+0000",
        "edrFunctionalStatus": "Disabled",
        "id": "05XXfeXX-4XXb-4XX3-bXXe-XXd4X7fa2aXX",
        "operatingSystem": "Windows Microsoft Windows 10 Pro 10.0.1XX44 Build XX044",
        "platform": "Windows"
    },
    ....
    {
        "timeStamp": "2024-04-04T11:49:12.160+0000",
        "hostName": "DESKTOP-XX27GIXX",
        "isEDREnabled": false,
        "edrActivatedOnDate": "2024-04-04T11:49:10.000+0000",
        "edrFunctionalStatus": "Disabled",
        "id": "36XXbf9d-XX9a-4XX3-a0XX-3dXXe83XXd9X",
        "operatingSystem": "Windows Microsoft Windows 10 Pro 10.0.XX393 Build XX393",
        "platform": "Windows"
    }
]

Sample - Follow-up Request

API Request

To retrieve the next set of results, you must use the searchAfter value from the previous response header.

curl -L -X GET '<qualys_base_url>/ioc/asset/searchAfter?searchAfterValues=1712231352160,b2xxx2c4-xxx9-352f-8xx6-axxce3xx37ax' \
  -H 'Authorization: Bearer <token>'

Response

[
    {
        "hostName": "LvitXX00DREPP",
        "lastReportedTime": "2024-04-12T06:37:25.434+0000",
        "isEDREnabled": true,
        "edrFunctionalStatus": "Inactive",
        "operatingSystem": "Microsoft Windows Server 2019 Standard 10.0.1XX63 64-bit N/A Build 1XX63 UBR XX46",
        "platform": "Windows",
        "timeStamp": "2024-04-04T11:49:29.042+0000",
        "edrActivatedOnDate": "2024-04-03T10:32:11.000+0000",
        "lastLoggedOnUser": "Administrator",
        "id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54"
    },
    ....
    {
        "hostName": "EDRAuto-WIXXx86",
        "avWorkflow": "UNINSTALLATION",
        "lastReportedTime": "2024-05-14T09:17:28.082+0000",
        "edrFunctionalStatus": "Inactive",
        "productUpdateErrorCode": "-1012",
        "downloadPercent": 100.0,
        "operatingSystem": "Microsoft Windows 7 Ultimate 6.1.XXXX 32-bit Service Pack 1 Build 7601 UBR 2XX46",
        "platform": "Windows",
        "isAVUpToDate": false,
        "isPendingRestart": false,
        "lastLoggedOnUser": "Administrator",
        "infections": 0,
        "id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54",
        "isEDREnabled": true,
        "avStatus": true,
        "assetType": "HOST",
        "avErrorCode": "ERROR_SUCCESS",
        "timeStamp": "2024-05-14T10:08:36.464+0000",
        "lastEPPReportedTime": "2024-05-03T06:01:14.859+0000",
        "edrActivatedOnDate": "2024-01-10T07:22:09.000+0000"
    }
]

Response Field Descriptions

The SearchAfter API returns the same response attributes as Fetch Asset Details.

V1.0

This API provides comprehensive asset details without limitations. Filter data by date range for greater flexibility in managing and accessing asset information according to your requirements. 

This API involves a two-step process: an Initial Request to start the process and a Follow-Up Request to complete it. Both steps are necessary to ensure the full execution of the API operation. 

GET /ioc/v1/asset/searchAfter

Input Parameters

Input Parameters | Mandatory/Optional | Format | Description

Authorization | Mandatory | String
Use this token to authenticate with the Qualys Enterprise TruRisk™ Platform.
Prefix the token with "Bearer" followed by a space.
For example: Bearer authToken.

searchAfterValues | Mandatory for Follow-up request | Array
Enter a value for pagination to start fetching the next set of results.
For example: 1722538573707,b2xxx2c4-xxx9-352f-8xx6-axxce3xx37ax
Note: This is the value from the searchAfterValue header returned in the previous response. If not provided, the API will return the first page of results.

filter | Optional | String
Filter the asset list by providing a query using Qualys syntax. Refer to the How to Search topic in the online help for assistance with creating your query.
For example: asset.timestamp: ["2024-07-08T12:01:12.012+0000" .. "2024-08-09T12:01:12.012+0000"] and asset.platform: 'Windows'
You can filter assets based on the timestamp on the asset (asset.timestamp) or based on the time they are reported at Qualys (asset.lastreportedtime). It is recommended to use the "asset.timestamp" or "asset.lastreportedtime" parameter if you want to fetch incidents by date AND time.

pageNumber | Optional | String
Specify the page number to retrieve in a paginated response, with 0 being the first page. If not provided, the default value is typically the first page.
For example: 10

pageSize | Optional | String
Specify the number of items to return per page in a paginated response. The default is 10.
For example, if you choose 50, each page will show up to 50 items.

include_attributes | Optional | String
Provide a comma-separated list of additional attributes to include in search results. Only the included attributes will be fetched in the API response.
For example: state

exclude_attributes | Optional | String
Provide a comma-separated list of additional attributes to exclude from search results.
For example: lastquarantinetime,asset.platform
Note: You do not need to exclude specific attributes if you have included specific attributes using the include_attributes parameter. By default, not-included attributes are excluded.

Sample - Initial Request

API Request

curl -L -X GET '<qualys_base_url>/ioc/v1/asset/searchAfter' \
  -H 'Authorization: Bearer <token>'

Response

[
    {
        "timeStamp": "2024-01-16T11:40:16.147+0000",
        "hostName": "winXXqXX",
        "edrActivatedOnDate": "2024-01-16T09:25:14.000+0000",
        "edrFunctionalStatus": "Disabled",
        "id": "05XXfeXX-4XXb-4XX3-bXXe-XXd4X7fa2aXX",
        "operatingSystem": "Windows Microsoft Windows 10 Pro 10.0.1XX44 Build XX044",
        "platform": "Windows"
    },
    ....
    {
        "timeStamp": "2024-04-04T11:49:12.160+0000",
        "hostName": "DESKTOP-XX27GIXX",
        "isEDREnabled": false,
        "edrActivatedOnDate": "2024-04-04T11:49:10.000+0000",
        "edrFunctionalStatus": "Disabled",
        "id": "36XXbf9d-XX9a-4XX3-a0XX-3dXXe83XXd9X",
        "operatingSystem": "Windows Microsoft Windows 10 Pro 10.0.XX393 Build XX393",
        "platform": "Windows"
    }
]

Sample - Follow-up Request

API Request

To retrieve the next set of results, you must use the searchAfter value from the previous response header.

curl -L -X GET '<qualys_base_url>/ioc/v1/asset/searchAfter?searchAfterValues=1712231352160,b2xxx2c4-xxx9-352f-8xx6-axxce3xx37ax' \
  -H 'Authorization: Bearer <token>'

Response

[
    {
        "hostName": "LvitXX00DREPP",
        "lastReportedTime": "2024-04-12T06:37:25.434+0000",
        "isEDREnabled": true,
        "edrFunctionalStatus": "Inactive",
        "operatingSystem": "Microsoft Windows Server 2019 Standard 10.0.1XX63 64-bit N/A Build 1XX63 UBR XX46",
        "platform": "Windows",
        "timeStamp": "2024-04-04T11:49:29.042+0000",
        "edrActivatedOnDate": "2024-04-03T10:32:11.000+0000",
        "lastLoggedOnUser": "Administrator",
        "id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54"
    },
    ....
    {
        "hostName": "EDRAuto-WIXXx86",
        "avWorkflow": "UNINSTALLATION",
        "lastReportedTime": "2024-05-14T09:17:28.082+0000",
        "edrFunctionalStatus": "Inactive",
        "productUpdateErrorCode": "-1012",
        "downloadPercent": 100.0,
        "operatingSystem": "Microsoft Windows 7 Ultimate 6.1.XXXX 32-bit Service Pack 1 Build 7601 UBR 2XX46",
        "platform": "Windows",
        "isAVUpToDate": false,
        "isPendingRestart": false,
        "lastLoggedOnUser": "Administrator",
        "infections": 0,
        "id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54",
        "isEDREnabled": true,
        "avStatus": true,
        "assetType": "HOST",
        "avErrorCode": "ERROR_SUCCESS",
        "timeStamp": "2024-05-14T10:08:36.464+0000",
        "lastEPPReportedTime": "2024-05-03T06:01:14.859+0000",
        "edrActivatedOnDate": "2024-01-10T07:22:09.000+0000"
    }
]

Response Field Descriptions

The SearchAfter API returns the same response attributes as Fetch Asset Details.
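
The initial-request and follow-up-request flow described for both /ioc/asset/searchAfter and /ioc/v1/asset/searchAfter, as an added Python example (not Qualys code). It assumes the cursor header is named searchAfterValue as written in the parameter note, and that an empty page or a missing header ends the listing; the function names and the two-page sample are constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

# Header name as written in the searchAfterValues note; confirm against a live response.
CURSOR_HEADER = "searchAfterValue"

def build_url(base_url, path="/ioc/v1/asset/searchAfter", cursor=None, **params):
    """Build the request URL; every query value (filter included) is percent-encoded."""
    query = {k: v for k, v in params.items() if v is not None}
    if cursor:
        query["searchAfterValues"] = cursor
    qs = urllib.parse.urlencode(query, quote_via=urllib.parse.quote)
    return base_url.rstrip("/") + path + ("?" + qs if qs else "")

def http_get(url, token):
    """Default transport. The token travels only in the Authorization header, never in the URL."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp), resp.headers

def fetch_all_assets(base_url, token, get=http_get, max_pages=1000, **params):
    """Initial request, then follow-up requests until no new cursor is returned."""
    assets, cursor, seen = [], None, set()
    for _ in range(max_pages):
        body, headers = get(build_url(base_url, cursor=cursor, **params), token)
        assets.extend(body)
        cursor = headers.get(CURSOR_HEADER)
        # Assumed stop conditions: empty page, no cursor header, or a cursor that repeats.
        if not body or not cursor or cursor in seen:
            break
        seen.add(cursor)
    return assets

# Constructed two-page sample standing in for the service (not real data).
PAGES = {
    None: ([{"id": "a-1", "platform": "Windows"}], {CURSOR_HEADER: "1712231352160,a-1"}),
    "1712231352160,a-1": ([{"id": "a-2", "platform": "Windows"}], {}),
}

def fake_get(url, token):
    """Offline transport: picks the page from the searchAfterValues query parameter."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return PAGES[qs.get("searchAfterValues", [None])[0]]
```

Calling fetch_all_assets(base_url, token, get=fake_get) runs offline against the sample; omit get to use the real transport, and pass path="/ioc/asset/searchAfter" for the non-versioned endpoint.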

API Version History

The following table depicts the information about the different versions of this API along with the status:

API Version | API Status | Release Date
/ioc/asset/searchAfter | Active |
/ioc/v1/asset/searchAfter | Active | May 2025