Retrieve Asset Details using Asset API

Operator	APIs Affected
GET	/ioc/assets/count
/ioc/assets/{assetId}
/ioc/asset/all

Input Parameters

Mandatory/Optional

Format

Description

Authorization

Mandatory

String

Authorization parameter authenticates the Qualys Cloud Platform. Prepend token with "Bearer" and a space. For example: Bearer authToken.

filter

Optional

String

The filter parameter sorts the fields in the JSON format

For example: [{"asset.lastupdatedtime":"asc"}]

sort

Optional

String

The sort parameter filters the asset by providing a query using Qualys syntax. For more information see EDR Online Help.

For example: asset.platform: 'WINDOWS'

API request

curl -X GET "<qualys_base_url>/ioc/asset/count" --header "accept: */*" -- header "Authorization: Bearer <token>"

Response

{
"count": 228
}

Input Parameters	Mandatory/Optional	Format	Description
Authorization	Mandatory	String	Authorization parameter authenticates the Qualys Cloud Platform. Prepend token with "Bearer" and a space. For example: Bearer authToken.
assetId	Mandatory	String	Use the assetId paramter to retrieve the asset details.

API request

curl -X GET "<qualys_base_url>/ioc/asset/XXX44XX6-XXf8-4XX2-bfXXXX8ba6XX2ebX" --header "accept: */*" --header "Authorization: Bearer <token>"

Response

{
"addedHashes": [
"string"
],
"feature": "EDR_FEATURE"
"isEnabled"
"hostName": "<host_name>",
"interfaces": [
{
"macAddress": "00:00:00:XX:00:00",
"ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed", "interfaceName": "Intel(R) XXX74X Gigabit Network Connection",
"gatewayAddress": "XX.XX.X0X.X"
},
{
"macAddress": "00:X0:XX:0X:00:00",
"ipAddress": "X0.1X.XX1.00",
"interfaceName": "Intel(R) XXX74X Gigabit Network Connection",
"gatewayAddress": "XX.XX.X0X.X"
}
],
"avStatus": false,
"avProfile": {
"name": "Default",
"id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
"status": "ASSIGNED"
},
"operatingSystem": "Microsoft Windows 10",
"platform": "WINDOWS",
"isAVUpToDate": false,
"assetType": "HOST",
"tags": [
{
"name": "Cloud Agent",
"uuid": "XXX676fX-cXX8-XX32-bfXX-XXX8XbcXXX1b"
}
],
"timeStamp": "2022-08-30T06:19:26.999+0000",
"system": {
"lastBoot": "2022-07-17 19:02:42",
"timezone": "+05:30",
"model": "VMware Virtual Platform",
"manufacturer": "VMware, Inc."
},
"lastLoggedOnUser": "Administrator",
"infections": 0,
"id": "XXX44XX6-XXf8-4XX2-bfXX-XX8ba6XX2ebX"
}

Input Parameters	Mandatory/Optional	Format	Description
Authorization	Mandatory	String	Authorization parameter authenticates the Qualys Cloud Platform. Prepend token with "Bearer" and a space. For example: Bearer authToken.
filter	Optional	String	The filter parameter filters the events list by providing a query using the Qualys syntax. For example: event.dateTime : ['2017-01- 01T05:33:34' .. '2017-01- 31T05:33:34'] AND action: 'Created' For more information see EDR Online Help. You can filter events based on the time they are generated on the asset (event.dateTime) or based on the time they are processed at Qualys Cloud Platform (event.eventProcessedTime). It is recommended to use the "event.dateTime" or "event.eventProcessedTime" parameter if you want to fetch events by date AND time.
pageNumber	Optional	String	The pageNumber parameter returns the page to be returned. It starts from the value zero
pageSize	Optional	String	The pageSize parameter mentions the number of records per page to be included in the response. The default value is 10.
include_attributes	Optional	String	include_attribute parameter includes certain attributes in the search. The search results generated are provided using a comma-separated list. The API response fetches only the included attributes. For example: include_attributes = _type, _id, processName
exclude_attributes	Optional	String	exclude_attribute parameter excludes certain attributes from the search. The search results generated are provided using a comma-separated list. For example: exclude_attributes = _type, _id, processName Note:You need not exclude attributes if you have included specific attributes using the include_attributes parameter. Attributes that are not included are by default excluded.
sort	Optional	String	The sort parameter filters the asset by providing a query using Qualys syntax. For more information see EDR Online Help. For example:asset.platform: 'Windows'

API Request

curl -X GET "<qualys_base_url>/ioc/asset/all" --header "accept: */*" -- header "Authorization: Bearer<token>"

Response

[
{
"lastReportedTime": "2023-08-28T06:37:54.011+0000",
"id": "XX79XXXa-2aXX-XX0b-bXXd-Xc0XXXfbcXXc"
},
{
"timeStamp": "2022-07-20T10:14:37.721+0000",
"avStatus": false,
"id": "4XX9aXX9-XXa7-4XX1-b2XX-XXX5cb2badXX", "isAVUpToDate": false
},
{
"hostName": "DESKTOP-ABCNXYZ",
"interfaces": [
{
"macAddress": "00:00:00:XX:00:00",
"ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed", "interfaceName": "Intel(R) XXX74X Gigabit Network Connection",
"gatewayAddress": "XX.XX.X0X.X"
},
{
"macAddress": "00:X0:XX:0X:00:00",
"ipAddress": "X0.1X.XX1.00",
"interfaceName": "Intel(R) XXX74X Gigabit Network Connection",
"gatewayAddress": "XX.XX.X0X.X"
}
],
"avStatus": false,
"avProfile": {
"name": "Default",
"id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
"status": "ASSIGNED"
},
"operatingSystem": "Microsoft Windows 10",
"platform": "WINDOWS",
"isAVUpToDate": false,
"assetType": "HOST",
"tags": [
{
"name": "Cloud Agent",
"uuid": "XXX676fX-cXX8-XX32-bfXX-XXX8XbcXXX1b"
}
],
...
]