This API retrieves a large number of search results in smaller sections or batches.
| Operator | APIs Affected |
|---|---|
| | /ioc/assets/count |
| | /ioc/assets/{assetId} |
| | /ioc/asset/all |
Input Parameters for Fetch Asset Count

| Input Parameters | Mandatory/Optional | Format | Description |
|---|---|---|---|
| Authorization | Mandatory | String | Authorization parameter authenticates the Qualys Cloud Platform. Prepend token with "Bearer" and a space. For example: Bearer authToken. |
| filter | Optional | String | The filter parameter sorts the fields in the JSON format. For example: [{"asset.lastupdatedtime":"asc"}] |
| sort | Optional | String | The sort parameter filters the asset by providing a query using Qualys syntax. For more information, see EDR Online Help. For example: asset.platform: 'WINDOWS' |
Sample - Fetch Asset Count
API request
curl -X GET "<qualys_base_url>/ioc/asset/count" --header "accept: */*" --header "Authorization: Bearer <token>"
Response
{
"count": 228
}
Input Parameters for Fetch Asset Data

| Input Parameters | Mandatory/Optional | Format | Description |
|---|---|---|---|
| Authorization | Mandatory | String | Authorization parameter authenticates the Qualys Cloud Platform. Prepend token with "Bearer" and a space. For example: Bearer authToken. |
| assetId | Mandatory | String | Use the assetId parameter to retrieve the asset details. |
Sample - Fetch Asset Data
API request
curl -X GET "<qualys_base_url>/ioc/asset/XXX44XX6-XXf8-4XX2-bfXX-XX8ba6XX2ebX" --header "accept: */*" --header "Authorization: Bearer <token>"
Response
{
"addedHashes": [
"string"
],
"feature": "EDR_FEATURE"
"isEnabled"
"hostName": "<host_name>",
"interfaces": [
{
"macAddress": "00:00:00:XX:00:00",
"ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed",
"interfaceName": "Intel(R) XXX74X Gigabit Network Connection",
"gatewayAddress": "XX.XX.X0X.X"
},
{
"macAddress": "00:X0:XX:0X:00:00",
"ipAddress": "X0.1X.XX1.00",
"interfaceName": "Intel(R) XXX74X Gigabit Network Connection",
"gatewayAddress": "XX.XX.X0X.X"
}
],
"avStatus": false,
"avProfile": {
"name": "Default",
"id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
"status": "ASSIGNED"
},
"operatingSystem": "Microsoft Windows 10",
"platform": "WINDOWS",
"isAVUpToDate": false,
"assetType": "HOST",
"tags": [
{
"name": "Cloud Agent",
"uuid": "XXX676fX-cXX8-XX32-bfXX-XXX8XbcXXX1b"
}
],
"timeStamp": "2022-08-30T06:19:26.999+0000",
"system": {
"lastBoot": "2022-07-17 19:02:42",
"timezone": "+05:30",
"model": "VMware Virtual Platform",
"manufacturer": "VMware, Inc."
},
"lastLoggedOnUser": "Administrator",
"infections": 0,
"id": "XXX44XX6-XXf8-4XX2-bfXX-XX8ba6XX2ebX"
}
Input Parameters for Fetch Asset List

| Input Parameters | Mandatory/Optional | Format | Description |
|---|---|---|---|
| Authorization | Mandatory | String | Authorization parameter authenticates the Qualys Cloud Platform. Prepend token with "Bearer" and a space. For example: Bearer authToken. |
| filter | Optional | String | The filter parameter filters the events list by providing a query using the Qualys syntax. For example: event.dateTime : ['2017-01-01T05:33:34' .. '2017-01-31T05:33:34'] AND action: 'Created'. For more information, see EDR Online Help. You can filter events based on the time they are generated on the asset (event.dateTime) or based on the time they are processed at Qualys Cloud Platform (event.eventProcessedTime). It is recommended to use the "event.dateTime" or "event.eventProcessedTime" parameter if you want to fetch events by date AND time. |
| pageNumber | Optional | String | The pageNumber parameter specifies the page to be returned. It starts from the value zero. |
| pageSize | Optional | String | The pageSize parameter specifies the number of records per page to be included in the response. The default value is 10. |
| include_attributes | Optional | String | The include_attributes parameter includes certain attributes in the search. The search results generated are provided using a comma-separated list. The API response fetches only the included attributes. For example: include_attributes = _type, _id, processName |
| exclude_attributes | Optional | String | The exclude_attributes parameter excludes certain attributes from the search. The search results generated are provided using a comma-separated list. For example: exclude_attributes = _type, _id, processName. Note: You need not exclude attributes if you have included specific attributes using the include_attributes parameter. Attributes that are not included are excluded by default. |
| sort | Optional | String | The sort parameter filters the asset by providing a query using Qualys syntax. For more information, see EDR Online Help. For example: asset.platform: 'Windows' |
Sample - Fetch Asset List
API Request
curl -X GET "<qualys_base_url>/ioc/asset/all" --header "accept: */*" --header "Authorization: Bearer <token>"
Response
[
{
"lastReportedTime": "2023-08-28T06:37:54.011+0000",
"id": "XX79XXXa-2aXX-XX0b-bXXd-Xc0XXXfbcXXc"
},
{
"timeStamp": "2022-07-20T10:14:37.721+0000",
"avStatus": false,
"id": "4XX9aXX9-XXa7-4XX1-b2XX-XXX5cb2badXX",
"isAVUpToDate": false
},
{
"hostName": "DESKTOP-ABCNXYZ",
"interfaces": [
{
"macAddress": "00:00:00:XX:00:00",
"ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed",
"interfaceName": "Intel(R) XXX74X Gigabit Network Connection",
"gatewayAddress": "XX.XX.X0X.X"
},
{
"macAddress": "00:X0:XX:0X:00:00",
"ipAddress": "X0.1X.XX1.00",
"interfaceName": "Intel(R) XXX74X Gigabit Network Connection",
"gatewayAddress": "XX.XX.X0X.X"
}
],
"avStatus": false,
"avProfile": {
"name": "Default",
"id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
"status": "ASSIGNED"
},
"operatingSystem": "Microsoft Windows 10",
"platform": "WINDOWS",
"isAVUpToDate": false,
"assetType": "HOST",
"tags": [
{
"name": "Cloud Agent",
"uuid": "XXX676fX-cXX8-XX32-bfXX-XXX8XbcXXX1b"
}
],
...
]
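The batching described for Fetch Asset List, as an added example (not Qualys code): it reads the total from /ioc/asset/count, walks /ioc/asset/all page by page from pageNumber zero, and lists assets whose avStatus or isAVUpToDate is false, including the sparse records the sample response shows. Assumptions: pageNumber and pageSize are sent as query-string parameters, and the names http_get, iter_assets, av_gaps, stub_get and the SAMPLE inventory are constructed for this example.

```python
import json
import urllib.parse
import urllib.request

def http_get(base_url, token, path, params=None):
    """GET JSON from the API; parameters go in the query string (assumption)."""
    url = base_url.rstrip("/") + path
    if params:
        url += "?" + urllib.parse.urlencode(params)
    headers = {"accept": "*/*", "Authorization": "Bearer " + token}
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_assets(get, page_size=10):
    """Yield every asset from /ioc/asset/all, one page at a time."""
    total = get("/ioc/asset/count")["count"]
    seen, page = 0, 0  # pageNumber starts from zero
    while seen < total:
        batch = get("/ioc/asset/all", {"pageNumber": page, "pageSize": page_size})
        if not batch:  # inventory shrank during the walk: stop instead of looping
            break
        yield from batch
        seen += len(batch)
        page += 1

def av_gaps(assets):
    """Return (id, hostName, fields) for assets whose AV fields need review."""
    findings = []
    for a in assets:
        failed = [k for k in ("avStatus", "isAVUpToDate") if a.get(k) is False]
        if "avStatus" not in a and "isAVUpToDate" not in a:
            failed = ["no AV fields"]  # sparse record, like the first sample entry
        if failed:
            findings.append((a["id"], a.get("hostName", "<unknown>"), failed))
    return findings

# Constructed inventory standing in for the API so the example runs offline.
SAMPLE = [{"id": "a0", "lastReportedTime": "2023-08-28T06:37:54.011+0000"}] + [
    {"id": f"a{i}", "hostName": f"host-{i}", "avStatus": i % 2 == 0,
     "isAVUpToDate": i % 3 == 0} for i in range(1, 23)]

def stub_get(path, params=None):
    if path == "/ioc/asset/count":
        return {"count": len(SAMPLE)}
    start = params["pageNumber"] * params["pageSize"]
    return SAMPLE[start:start + params["pageSize"]]

if __name__ == "__main__":
    print(*av_gaps(iter_assets(stub_get)), sep="\n")
```

For a live tenant, pass `functools.partial(http_get, base_url, token)` as `get` in place of `stub_get`.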