Fetch All Event Details
For API version information, refer to the API Version History section.
Non-Versioned
This API retrieves EDR events in the user account filtered by date range. The API returns up to 5,000 events per request.
Input Parameters
Parameter | Mandatory/Optional | Description |
---|---|---|
Authorization (String) | Mandatory | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken. |
fromDate (String) | Optional | Show events logged after a certain date. Supports epoch time / unix timestamp. For example - 1483228800. Note: This parameter is used in conjunction with the "toDate" parameter to fetch events for a specific date. Time value is not considered in this parameter. Use the filter parameter to drill down further by applying the time value. |
toDate (String) | Optional | Show events that are logged until a certain date. Supports epoch time / unix timestamp. See https://en.wikipedia.org/wiki/Unix_time. For example - 1514764799. Note: This parameter is used in conjunction with the "fromDate" parameter to fetch events for a specific date. Time value is not considered in this parameter. Use the filter parameter to drill down further by applying the time value. |
filter (String) | Optional | Filter the events list by providing a query using Qualys syntax. Refer to the How to Search topic in the online help for assistance with creating your query. For example - event.datetime:["2024-09-15T00:30:00.000Z".."2024-09-22T18:29:59.999Z"] AND action: 'Created'. You can filter events based on the time they are generated on the event (event.datetime) or the time they are processed at Qualys (event.eventprocesstime). If you want to fetch events by date AND time, it is recommended to use the "event.datetime" or "event.eventprocesstime" parameter. |
pageNumber (String) | Optional | The page to be returned. Starts from zero. |
pageSize (String) | Optional | The number of records per page to be included in the response. The default is 10. |
sort (String) | Optional | Sort the results using a Qualys token. For example - [{"action":"asc"}] |
include_attributes (String) | Optional | Include certain attributes in search (provide a comma-separated list). Only included attributes are fetched in the API response. For example, include_attributes = _type, _id, processName |
exclude_attributes (String) | Optional | Exclude certain attributes from search (provide a comma-separated list). For example, exclude_attributes = _type, _id, processName. Note: You need not exclude attributes if you have included specific attributes using the include_attributes parameter. Not-included attributes are excluded by default. |
Sample - Fetch All Event Details
API request
curl -G --data-urlencode "filter=type:file" \
"<qualys_base_url>/ioc/events/" -H "Authorization: Bearer <token>"
Response
{
"data":count:55279
}
Response Field Descriptions
Dataset Name | Field Name | Data Type | Description |
---|---|---|---|
Event | count | Integer | Count of events. |
V1.0
This API retrieves EDR events in the user account filtered by date range. The API returns up to 5,000 events per request.
Input Parameters
Parameter | Mandatory/Optional | Description |
---|---|---|
Authorization (String) | Mandatory | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken. |
fromDate (String) | Optional | Show events logged after a certain date. Supports epoch time / unix timestamp. For example - 1483228800. Note: This parameter is used in conjunction with the "toDate" parameter to fetch events for a specific date. Time value is not considered in this parameter. Use the filter parameter to drill down further by applying the time value. |
toDate (String) | Optional | Show events that are logged until a certain date. Supports epoch time / unix timestamp. See https://en.wikipedia.org/wiki/Unix_time. For example - 1514764799. Note: This parameter is used in conjunction with the "fromDate" parameter to fetch events for a specific date. Time value is not considered in this parameter. Use the filter parameter to drill down further by applying the time value. |
filter (String) | Optional | Filter the events list by providing a query using Qualys syntax. Refer to the How to Search topic in the online help for assistance with creating your query. For example - event.datetime:["2024-09-15T00:30:00.000Z".."2024-09-22T18:29:59.999Z"] AND action: 'Created'. You can filter events based on the time they are generated on the event (event.datetime) or the time they are processed at Qualys (event.eventprocesstime). If you want to fetch events by date AND time, it is recommended to use the "event.datetime" or "event.eventprocesstime" parameter. |
pageNumber (String) | Optional | The page to be returned. Starts from zero. |
pageSize (String) | Optional | The number of records per page to be included in the response. The default is 10. |
sort (String) | Optional | Sort the results using a Qualys token. For example - [{"action":"asc"}] |
include_attributes (String) | Optional | Include certain attributes in search (provide a comma-separated list). Only included attributes are fetched in the API response. For example, include_attributes = _type, _id, processName |
exclude_attributes (String) | Optional | Exclude certain attributes from search (provide a comma-separated list). For example, exclude_attributes = _type, _id, processName. Note: You need not exclude attributes if you have included specific attributes using the include_attributes parameter. Not-included attributes are excluded by default. |
Sample - Fetch All Event Details
API request
curl -G --data-urlencode "filter=type:file" \
"<qualys_base_url>/ioc/v1/events/" -H "Authorization: Bearer <token>"
Response
{
"data":count:55279
}
Response Field Descriptions
Dataset Name | Field Name | Data Type | Description |
---|---|---|---|
Event | count | Integer | Count of events. |
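Added example (not part of the Qualys documentation): because fromDate and toDate ignore the time of day, a collector that needs an exact window has to repeat that window in the filter as an event.datetime range, then page through the results. The Python sketch below builds those parameters and the list of pages for a given event count. The function names are hypothetical, and capping pageSize at 5,000 is an assumption drawn from the per-request limit stated above.

```python
from datetime import datetime, timezone
from urllib.parse import urlencode

MAX_PER_REQUEST = 5000  # assumption: pageSize cannot exceed the 5,000-per-request limit


def _iso_ms(dt):
    """UTC timestamp in the form used by the event.datetime example above."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def build_event_query(start, end, extra_filter=None, page_number=0, page_size=10):
    """Return query parameters for one page of events in [start, end]."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("use timezone-aware datetimes; naive values shift the window")
    if end < start:
        raise ValueError("end precedes start")
    if not 1 <= page_size <= MAX_PER_REQUEST:
        raise ValueError(f"page_size must be between 1 and {MAX_PER_REQUEST}")
    # The exact time window goes in the filter; fromDate/toDate only select the date.
    query = f'event.datetime:["{_iso_ms(start)}".."{_iso_ms(end)}"]'
    if extra_filter:
        query += f" AND {extra_filter}"
    return {
        "fromDate": str(int(start.timestamp())),
        "toDate": str(int(end.timestamp())),
        "filter": query,
        "pageNumber": str(page_number),  # pages start from zero
        "pageSize": str(page_size),
    }


def page_numbers(total_count, page_size):
    """Zero-based page numbers needed to cover total_count events."""
    return list(range((total_count + page_size - 1) // page_size))


def request_url(base_url, params):
    """Full GET URL for /ioc/v1/events/ with a percent-encoded query string."""
    return f"{base_url.rstrip('/')}/ioc/v1/events/?{urlencode(params)}"
```

Send the Authorization header separately and read the token from the environment or a secrets store rather than embedding it in the URL or in scripts.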
API Version History
The following table lists the versions of this API and their status:
API Version | API Status | Release Date |
---|---|---|
/ioc/events | Active | |
/ioc/v1/events | Active | May 2025 |