Fetch Remediation Event Details
For API version information, refer to the API Version History section.
Non-Versioned
This API lets you fetch remediation details from Oracle instead of Elasticsearch, ensuring faster and more reliable data access.
Input Parameters for Remediation Event
| Input Parameters | Mandatory/Optional | Format | Description |
|---|---|---|---|
| Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer <authToken> |
| remediationId | Mandatory | String | Enter Remediation ID. For example - RTF_5XX96XXe-XX6b-4XX4-90XX-349XXXfcXbcX_10-2023_XX22e6XX-5XXd-XX61-9X6X-c8XX8eXXc26X |
| requestType | Mandatory | String | Request type, which can be either "quarantinedItem" or "activityLog". For example - activityLog |
Sample - Fetch Remediation Event Details
API request
curl -L -X GET '<qualys_base_url>/ioc/remediation-actions/activityLog/RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX' \
  -H 'Authorization: Bearer <token>'
Response
{
"action": "Quarantine Host",
"eventSource": "EDR",
"status": "success",
"requestTime": "2025-02-26T10:18:50.000+00:00",
"requestTimestamp": 1740565130495,
"executionTime": "2025-02-26T10:17:08.000+00:00",
"remediationEventId": "3e2927e8-8cf4-4ad0-9bb8-3c666fe4f15e",
"requestId": "20ad3dba-6861-4ca7-afb8-1465e22fef9a",
"manifestId": "91e1ffd2-417e-4b31-a2fe-3221f9473561",
"uniqueId": "4bf85eb9-206f-3abb-b03f-1e9bbe845d3c",
"userId": "qaedr_jd",
"agentId": "x82xx34x-5xxx-4110-9878-x91x5x476x47",
"hostName": "edrrhel9as",
"platform": "LINUX",
"interfaces": [
{
"interfaceName": "ens192",
"macAddress": "00:X0:XX:0X:00:00",
"gatewayAddress": "XX.XX.X0X.X",
"ipAddress": "X0.1X.XX1.00"
},
{
"interfaceName": "ens192",
"macAddress": "00:X0:XX:0X:00:00",
"gatewayAddress": "XX.XX.X0X.X",
"ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed"
}
],
"comments": "QHost",
"statusMessage": "Applied Successfully",
"allowResponseAction": 1,
"remediationPayload": "{\"excludedWhitelistingConfig\":{\"excludedIpConfigs\":[{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"fXX0:0:0:0:XXX9:1XX9:2XXb:XXed\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V6\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"}],\"excludedDomainConfigs\":[{\"domain\":\"tradingview.com\",\"platform\":0},{\"domain\":\"www.goole.com\",\"platform\":0},{\"domain\":\"goole.com\",\"platform\":0},{\"domain\":\"www.youtube.com\",\"platform\":0},{\"domain\":\"www.tradingview.com\",\"platform\":0},{\"domain\":\"jenkins.intranet.qualys.com\",\"platform\":0},{\"domain\":\"google.com\",\"platform\":0}]}}",
"id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
"type": "AGENT",
"user": "John Doe"
}
Response Field Descriptions
| Dataset Name | Field Name | Data Type | Description |
|---|---|---|---|
| remediation-actions | action | String | The action performed during the event (e.g., 'Quarantine Host', 'Unquarantine Host'). |
| | eventSource | Object | The source of the event. |
| | status | String | The status of the action performed during the event. |
| | requestTime | Timestamp | The timestamp when the request was made. |
| | requestTimestamp | Integer (Milliseconds since Epoch) | The timestamp of the request in milliseconds since the Unix epoch (Unix timestamp). |
| | executionTime | Timestamp | The time at which the action was executed. |
| | remediationEventId | String | A unique identifier for the remediation event. |
| | requestId | String | A unique identifier for the request. |
| | manifestId | String | A unique identifier for the manifest related to this event. |
| | uniqueId | String | A unique identifier for the event. |
| | userId | String | The user identifier associated with the action. |
| | agentId | String | The agent ID of the agent on which the action was performed. |
| | hostName | String | The hostname of the system. |
| | platform | | The platform where the event occurred. |
| | comments | | Additional comments or notes about the event. |
| | statusMessage | | A message describing the status of the action. |
| | allowResponseAction | Integer | Indicates whether a response action is allowed (1 = Allowed). |
| | remediationPayload | String | The JSON payload containing remediation data, such as whitelisting configurations for IPs and domains. |
| | id | String | A unique identifier for the event record, combining multiple parameters such as the remediation event ID and user ID. |
| | type | String | The type of event. |
| | user | String | The name of the user who performed the action. |
| | interfaces | List of Objects | A list of interfaces for the asset. Dataset: interfaces |
| interfaces | macAddress | String | The MAC address of the network interface. |
| | ipAddress | String | The IP address of the network interface. |
| | interfaceName | String | The name of the network interface. |
| | gatewayAddress | String | The gateway address of the network interface. |
V1.0
This API lets you fetch remediation details from Oracle instead of Elasticsearch, ensuring faster and more reliable data access.
Input Parameters for Remediation Event
| Input Parameters | Mandatory/Optional | Format | Description |
|---|---|---|---|
| Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer <authToken> |
| remediationId | Mandatory | String | Enter Remediation ID. For example - RTF_5XX96XXe-XX6b-4XX4-90XX-349XXXfcXbcX_10-2023_XX22e6XX-5XXd-XX61-9X6X-c8XX8eXXc26X |
| requestType | Mandatory | String | Request type, which can be either "quarantinedItem" or "activityLog". For example - activityLog |
Sample - Fetch Remediation Event Details
API request
curl -L -X GET '<qualys_base_url>/ioc/v1/remediation-actions/activityLog/RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX' \
  -H 'Authorization: Bearer <token>'
Response
{
"action": "Quarantine Host",
"eventSource": "EDR",
"status": "success",
"requestTime": "2025-02-26T10:18:50.000+00:00",
"requestTimestamp": 1740565130495,
"executionTime": "2025-02-26T10:17:08.000+00:00",
"remediationEventId": "3e2927e8-8cf4-4ad0-9bb8-3c666fe4f15e",
"requestId": "20ad3dba-6861-4ca7-afb8-1465e22fef9a",
"manifestId": "91e1ffd2-417e-4b31-a2fe-3221f9473561",
"uniqueId": "4bf85eb9-206f-3abb-b03f-1e9bbe845d3c",
"userId": "qaedr_jd",
"agentId": "x82xx34x-5xxx-4110-9878-x91x5x476x47",
"hostName": "edrrhel9as",
"platform": "LINUX",
"interfaces": [
{
"interfaceName": "ens192",
"macAddress": "00:X0:XX:0X:00:00",
"gatewayAddress": "XX.XX.X0X.X",
"ipAddress": "X0.1X.XX1.00"
},
{
"interfaceName": "ens192",
"macAddress": "00:X0:XX:0X:00:00",
"gatewayAddress": "XX.XX.X0X.X",
"ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed"
}
],
"comments": "QHost",
"statusMessage": "Applied Successfully",
"allowResponseAction": 1,
"remediationPayload": "{\"excludedWhitelistingConfig\":{\"excludedIpConfigs\":[{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"fXX0:0:0:0:XXX9:1XX9:2XXb:XXed\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V6\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"}],\"excludedDomainConfigs\":[{\"domain\":\"tradingview.com\",\"platform\":0},{\"domain\":\"www.goole.com\",\"platform\":0},{\"domain\":\"goole.com\",\"platform\":0},{\"domain\":\"www.youtube.com\",\"platform\":0},{\"domain\":\"www.tradingview.com\",\"platform\":0},{\"domain\":\"jenkins.intranet.qualys.com\",\"platform\":0},{\"domain\":\"google.com\",\"platform\":0}]}}",
"id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
"type": "AGENT",
"user": "John Doe"
}
Response Field Descriptions
| Dataset Name | Field Name | Data Type | Description |
|---|---|---|---|
| remediation-actions | action | String | The action performed during the event (e.g., 'Quarantine Host', 'Unquarantine Host'). |
| | eventSource | Object | The source of the event. |
| | status | String | The status of the action performed during the event. |
| | requestTime | Timestamp | The timestamp when the request was made. |
| | requestTimestamp | Integer (Milliseconds since Epoch) | The timestamp of the request in milliseconds since the Unix epoch (Unix timestamp). |
| | executionTime | Timestamp | The time at which the action was executed. |
| | remediationEventId | String | A unique identifier for the remediation event. |
| | requestId | String | A unique identifier for the request. |
| | manifestId | String | A unique identifier for the manifest related to this event. |
| | uniqueId | String | A unique identifier for the event. |
| | userId | String | The user identifier associated with the action. |
| | agentId | String | The agent ID of the agent on which the action was performed. |
| | hostName | String | The hostname of the system. |
| | platform | | The platform where the event occurred. |
| | comments | | Additional comments or notes about the event. |
| | statusMessage | | A message describing the status of the action. |
| | allowResponseAction | Integer | Indicates whether a response action is allowed (1 = Allowed). |
| | remediationPayload | String | The JSON payload containing remediation data, such as whitelisting configurations for IPs and domains. |
| | id | String | A unique identifier for the event record, combining multiple parameters such as the remediation event ID and user ID. |
| | type | String | The type of event. |
| | user | String | The name of the user who performed the action. |
| | interfaces | List of Objects | A list of interfaces for the asset. Dataset: interfaces |
| interfaces | macAddress | String | The MAC address of the network interface. |
| | ipAddress | String | The IP address of the network interface. |
| | interfaceName | String | The name of the network interface. |
| | gatewayAddress | String | The gateway address of the network interface. |
API Version History
The following table depicts the information about the different versions of this API along with the status:
| API Version | API Status | Release Date |
|---|---|---|
| /ioc/remediation-actions/{requestType}/{remediationId} | Active | |
| /ioc/v1/remediation-actions/{requestType}/{remediationId} | Active | May 2025 |
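
The following Python sketch is an added example, not Qualys code: it builds the request path for either entry in the version table, rejects any requestType other than the two documented values, and decodes the JSON string carried in remediationPayload so the excluded IPs and domains can be reviewed. The function names, the gateway host used in testing and the sample event (documentation-range addresses) are constructed for illustration.

```python
import json
import urllib.request
from datetime import datetime, timezone
from urllib.parse import quote

REQUEST_TYPES = {"quarantinedItem", "activityLog"}  # the two values the page documents

def build_url(base_url, request_type, remediation_id, versioned=True):
    """Build the endpoint URL; percent-encode the ID so it cannot alter the path."""
    if request_type not in REQUEST_TYPES:
        raise ValueError(f"unsupported requestType: {request_type!r}")
    prefix = "/ioc/v1" if versioned else "/ioc"
    return (f"{base_url.rstrip('/')}{prefix}/remediation-actions/"
            f"{request_type}/{quote(remediation_id, safe='')}")

def fetch_event(base_url, token, request_type, remediation_id):
    """GET the event with the Bearer header (needs network access; not called here)."""
    req = urllib.request.Request(build_url(base_url, request_type, remediation_id),
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return summarize_event(resp.read())

def summarize_event(raw):
    """Decode the event, then the JSON document nested inside remediationPayload."""
    event = json.loads(raw)
    payload = json.loads(event.get("remediationPayload") or "{}")
    cfg = payload.get("excludedWhitelistingConfig", {})
    # The page's sample repeats entries, so de-duplicate before reporting.
    ips = sorted({(e["ipAddress"], e["type"]) for e in cfg.get("excludedIpConfigs", [])})
    domains = sorted({d["domain"] for d in cfg.get("excludedDomainConfigs", [])})
    requested = datetime.fromtimestamp(event["requestTimestamp"] / 1000, tz=timezone.utc)
    return {"action": event["action"], "status": event["status"],
            "host": event.get("hostName"), "requested_utc": requested.isoformat(),
            "excluded_ips": ips, "excluded_domains": domains}

# Constructed sample shaped like the page's response (not real data).
SAMPLE = json.dumps({
    "action": "Quarantine Host", "status": "success", "hostName": "host-01",
    "requestTimestamp": 1740565130495,
    "remediationPayload": json.dumps({"excludedWhitelistingConfig": {
        "excludedIpConfigs": [
            {"ipAddress": "192.0.2.10", "subnetMask": "255.255.255.255", "platform": 0, "type": "V4"},
            {"ipAddress": "192.0.2.10", "subnetMask": "255.255.255.255", "platform": 0, "type": "V4"},
            {"ipAddress": "2001:db8::1", "subnetMask": "255.255.255.255", "platform": 0, "type": "V6"}],
        "excludedDomainConfigs": [{"domain": "example.com", "platform": 0},
                                  {"domain": "intranet.example.com", "platform": 0}]}}),
})

if __name__ == "__main__":
    print(json.dumps(summarize_event(SAMPLE), indent=2))
```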