Fetch Event Counts Using Time Buckets
For API version information, refer to the API Version History section.
Non-Versioned
This API returns the event count after grouping them into a specified number of buckets.
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Description |
|---|---|---|
| Authorization (String) | Mandatory | Authorization token to authenticate to the EDR Platform. Create a token with "Bearer" and one space. For example - Bearer authToken. |
| fromDate | Optional | List events from this date (epoch time). |
| toDate | Optional | List events till this date (epoch time). |
| filter (String) | Optional | Filter the events list by providing a query using Qualys syntax. datetime:["2025-11-14T00:11:00.000Z".."2025-11-14T00:12:00.000Z"] Note - only the datetime filter will work |
| bucketCount | Optional | Give any count based on the requirement e.g -5 |
API Request
curl -G --data-urlencode "filter=type:file" "<qualys_base_url>/ioc/events/count/time-buckets?fromDate=1764134321&toDate=1764145121&bucketCount=5 -H "Authorization: Bearer <token>"
Response
{
"2025-11-26T04:48:00.000Z_2025-11-26T05:24:00.000Z": 733,
"2025-11-26T05:24:00.000Z_2025-11-26T06:00:00.000Z": 4984,
"2025-11-26T06:00:00.000Z_2025-11-26T06:36:00.000Z": 4930,
"2025-11-26T06:36:00.000Z_2025-11-26T07:12:00.000Z": 5120,
"2025-11-26T07:12:00.000Z_2025-11-26T07:48:00.000Z": 5047
}
V1.0
This API returns the number of events after grouping them into a specified number of buckets.
Input ParametersInput Parameters
| Parameter | Mandatory/Optional | Description |
|---|---|---|
| Authorization (String) | Mandatory | Authorization token to authenticate to the EDR Platform. Create a token with "Bearer" and one space. For example - Bearer authToken. |
| fromDate | Optional | List events from this date (epoch time). |
| toDate | Optional | List events till this date (epoch time). |
| filter (String) | Optional | Filter the events list by providing a query using Qualys syntax. datetime:["2025-11-14T00:11:00.000Z".."2025-11-14T00:12:00.000Z"] Note - only the datetime filter will work |
| bucketCount | Optional | Give any count based on the requirement e.g -5 |
API Request
curl -G --data-urlencode "filter=type:file" "<qualys_base_url>/ioc/v1/events/count/time-buckets?fromDate=1764134321&toDate=1764145121&bucketCount=5 -H "Authorization: Bearer <token>"
Response
{
"2025-11-26T04:48:00.000Z_2025-11-26T05:24:00.000Z": 733,
"2025-11-26T05:24:00.000Z_2025-11-26T06:00:00.000Z": 4984,
"2025-11-26T06:00:00.000Z_2025-11-26T06:36:00.000Z": 4930,
"2025-11-26T06:36:00.000Z_2025-11-26T07:12:00.000Z": 5120,
"2025-11-26T07:12:00.000Z_2025-11-26T07:48:00.000Z": 5047
}
API Version History
The following table depicts the information about the different versions of this API, along with the status:
| API Version | API Status | Release Date |
| /ioc/events/count | Active | |
| /ioc/v1/events/count | Active | May 2025 |
Use the datetime filter, or use the fromDate, toDate date fields to get the event count.