Fetch Remediation Event Details
For API version information, refer to the API Version History section.
Non-Versioned
This API lets you fetch remediation details from Oracle instead of Elasticsearch, ensuring faster and more reliable data access.
Input Parameters for Remediation Event
Input Parameters | Mandatory/Optional | Format | Description |
---|---|---|---|
Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer <authToken> |
remediationId | Mandatory | String | Enter Remediation ID. For example - RTF_5XX96XXe-XX6b-4XX4-90XX-349XXXfcXbcX_10-2023_XX22e6XX-5XXd-XX61-9X6X-c8XX8eXXc26X |
requestType | Mandatory | String | Request type, which can be either "quarantinedItem" or "activityLog". For example - activityLog |
Sample - Fetch Remediation Event Details
API request
curl -L -X GET '<qualys_base_url>/ioc/remediation-actions/activityLog/RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX' \
  -H 'Authorization: Bearer <token>'
Response
{
  "action": "Quarantine Host",
  "eventSource": "EDR",
  "status": "success",
  "requestTime": "2025-02-26T10:18:50.000+00:00",
  "requestTimestamp": 1740565130495,
  "executionTime": "2025-02-26T10:17:08.000+00:00",
  "remediationEventId": "3e2927e8-8cf4-4ad0-9bb8-3c666fe4f15e",
  "requestId": "20ad3dba-6861-4ca7-afb8-1465e22fef9a",
  "manifestId": "91e1ffd2-417e-4b31-a2fe-3221f9473561",
  "uniqueId": "4bf85eb9-206f-3abb-b03f-1e9bbe845d3c",
  "userId": "qaedr_jd",
  "agentId": "x82xx34x-5xxx-4110-9878-x91x5x476x47",
  "hostName": "edrrhel9as",
  "platform": "LINUX",
  "interfaces": [
    {
      "interfaceName": "ens192",
      "macAddress": "00:X0:XX:0X:00:00",
      "gatewayAddress": "XX.XX.X0X.X",
      "ipAddress": "X0.1X.XX1.00"
    },
    {
      "interfaceName": "ens192",
      "macAddress": "00:X0:XX:0X:00:00",
      "gatewayAddress": "XX.XX.X0X.X",
      "ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed"
    }
  ],
  "comments": "QHost",
  "statusMessage": "Applied Successfully",
  "allowResponseAction": 1,
  "remediationPayload": "{\"excludedWhitelistingConfig\":{\"excludedIpConfigs\":[{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"fXX0:0:0:0:XXX9:1XX9:2XXb:XXed\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V6\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"}],\"excludedDomainConfigs\":[{\"domain\":\"tradingview.com\",\"platform\":0},{\"domain\":\"www.goole.com\",\"platform\":0},{\"domain\":\"goole.com\",\"platform\":0},{\"domain\":\"www.youtube.com\",\"platform\":0},{\"domain\":\"www.tradingview.com\",\"platform\":0},{\"domain\":\"jenkins.intranet.qualys.com\",\"platform\":0},{\"domain\":\"google.com\",\"platform\":0}]}}",
  "id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
  "type": "AGENT",
  "user": "John Doe"
}
Response Field Descriptions
Dataset Name | Field Name | Data Type | Description |
---|---|---|---|
remediation-actions | action | String | The action performed during the event (e.g., 'Quarantine Host', 'Unquarantine Host'). |
remediation-actions | eventSource | Object | The source of the event. |
remediation-actions | status | String | The status of the action performed during the event. |
remediation-actions | requestTime | Timestamp | The timestamp when the request was made. |
remediation-actions | requestTimestamp | Integer (Milliseconds since Epoch) | The timestamp of the request in milliseconds since the Unix epoch (Unix timestamp). |
remediation-actions | executionTime | Timestamp | The time at which the action was executed. |
remediation-actions | remediationEventId | String | A unique identifier for the remediation event. |
remediation-actions | requestId | String | A unique identifier for the request. |
remediation-actions | manifestId | String | A unique identifier for the manifest related to this event. |
remediation-actions | uniqueId | String | A unique identifier for the event. |
remediation-actions | userId | String | The user identifier associated with the action. |
remediation-actions | agentId | String | The agentID of the agent on which the action was performed. |
remediation-actions | hostName | String | The hostname of the system. |
remediation-actions | platform | | The platform where the event occurred. |
remediation-actions | comments | | Additional comments or notes about the event. |
remediation-actions | statusMessage | | A message describing the status of the action. |
remediation-actions | allowResponseAction | Integer | Indicates whether a response action is allowed (1 = Allowed). |
remediation-actions | remediationPayload | String | The JSON payload containing remediation data, such as whitelisting configurations for IPs and domains. |
remediation-actions | id | String | A unique identifier for the event record, combining multiple parameters such as the remediation event ID and user ID. |
remediation-actions | type | String | The type of event. |
remediation-actions | user | String | The name of the user who performed the action. |
remediation-actions | interfaces | List of Objects | A list of interfaces for the asset. Dataset: Interface |
interfaces | macAddress | String | The MAC address of the network interface. |
interfaces | ipAddress | String | The IP address of the network interface. |
interfaces | interfaceName | String | The name of the network interface. |
interfaces | gatewayAddress | String | The gateway address of the network interface. |
V1.0
This API lets you fetch remediation details from Oracle instead of Elasticsearch, ensuring faster and more reliable data access.
Input Parameters for Remediation Event
Input Parameters | Mandatory/Optional | Format | Description |
---|---|---|---|
Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer <authToken> |
remediationId | Mandatory | String | Enter Remediation ID. For example - RTF_5XX96XXe-XX6b-4XX4-90XX-349XXXfcXbcX_10-2023_XX22e6XX-5XXd-XX61-9X6X-c8XX8eXXc26X |
requestType | Mandatory | String | Request type, which can be either "quarantinedItem" or "activityLog". For example - activityLog |
Sample - Fetch Remediation Event Details
API request
curl -L -X GET '<qualys_base_url>/ioc/v1/remediation-actions/activityLog/RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX' \
  -H 'Authorization: Bearer <token>'
Response
{
  "action": "Quarantine Host",
  "eventSource": "EDR",
  "status": "success",
  "requestTime": "2025-02-26T10:18:50.000+00:00",
  "requestTimestamp": 1740565130495,
  "executionTime": "2025-02-26T10:17:08.000+00:00",
  "remediationEventId": "3e2927e8-8cf4-4ad0-9bb8-3c666fe4f15e",
  "requestId": "20ad3dba-6861-4ca7-afb8-1465e22fef9a",
  "manifestId": "91e1ffd2-417e-4b31-a2fe-3221f9473561",
  "uniqueId": "4bf85eb9-206f-3abb-b03f-1e9bbe845d3c",
  "userId": "qaedr_jd",
  "agentId": "x82xx34x-5xxx-4110-9878-x91x5x476x47",
  "hostName": "edrrhel9as",
  "platform": "LINUX",
  "interfaces": [
    {
      "interfaceName": "ens192",
      "macAddress": "00:X0:XX:0X:00:00",
      "gatewayAddress": "XX.XX.X0X.X",
      "ipAddress": "X0.1X.XX1.00"
    },
    {
      "interfaceName": "ens192",
      "macAddress": "00:X0:XX:0X:00:00",
      "gatewayAddress": "XX.XX.X0X.X",
      "ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed"
    }
  ],
  "comments": "QHost",
  "statusMessage": "Applied Successfully",
  "allowResponseAction": 1,
  "remediationPayload": "{\"excludedWhitelistingConfig\":{\"excludedIpConfigs\":[{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"fXX0:0:0:0:XXX9:1XX9:2XXb:XXed\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V6\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"}],\"excludedDomainConfigs\":[{\"domain\":\"tradingview.com\",\"platform\":0},{\"domain\":\"www.goole.com\",\"platform\":0},{\"domain\":\"goole.com\",\"platform\":0},{\"domain\":\"www.youtube.com\",\"platform\":0},{\"domain\":\"www.tradingview.com\",\"platform\":0},{\"domain\":\"jenkins.intranet.qualys.com\",\"platform\":0},{\"domain\":\"google.com\",\"platform\":0}]}}",
  "id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
  "type": "AGENT",
  "user": "John Doe"
}
Response Field Descriptions
Dataset Name | Field Name | Data Type | Description |
---|---|---|---|
remediation-actions | action | String | The action performed during the event (e.g., 'Quarantine Host', 'Unquarantine Host'). |
remediation-actions | eventSource | Object | The source of the event. |
remediation-actions | status | String | The status of the action performed during the event. |
remediation-actions | requestTime | Timestamp | The timestamp when the request was made. |
remediation-actions | requestTimestamp | Integer (Milliseconds since Epoch) | The timestamp of the request in milliseconds since the Unix epoch (Unix timestamp). |
remediation-actions | executionTime | Timestamp | The time at which the action was executed. |
remediation-actions | remediationEventId | String | A unique identifier for the remediation event. |
remediation-actions | requestId | String | A unique identifier for the request. |
remediation-actions | manifestId | String | A unique identifier for the manifest related to this event. |
remediation-actions | uniqueId | String | A unique identifier for the event. |
remediation-actions | userId | String | The user identifier associated with the action. |
remediation-actions | agentId | String | The agentID of the agent on which the action was performed. |
remediation-actions | hostName | String | The hostname of the system. |
remediation-actions | platform | | The platform where the event occurred. |
remediation-actions | comments | | Additional comments or notes about the event. |
remediation-actions | statusMessage | | A message describing the status of the action. |
remediation-actions | allowResponseAction | Integer | Indicates whether a response action is allowed (1 = Allowed). |
remediation-actions | remediationPayload | String | The JSON payload containing remediation data, such as whitelisting configurations for IPs and domains. |
remediation-actions | id | String | A unique identifier for the event record, combining multiple parameters such as the remediation event ID and user ID. |
remediation-actions | type | String | The type of event. |
remediation-actions | user | String | The name of the user who performed the action. |
remediation-actions | interfaces | List of Objects | A list of interfaces for the asset. Dataset: Interface |
interfaces | macAddress | String | The MAC address of the network interface. |
interfaces | ipAddress | String | The IP address of the network interface. |
interfaces | interfaceName | String | The name of the network interface. |
interfaces | gatewayAddress | String | The gateway address of the network interface. |
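The `remediationPayload` field arrives as JSON encoded inside a string, so reviewing which IPs and domains a quarantined host can still reach takes a second decode. The following is an added example, not Qualys code: it builds the request URL for either endpoint form and extracts the de-duplicated exclusion list, assuming the response shape shown in the sample above; the base URL, host values and sample record are constructed.

```python
import json
from urllib.parse import quote

REQUEST_TYPES = {"quarantinedItem", "activityLog"}  # the two values the page lists

def build_url(base_url, request_type, remediation_id, versioned=True):
    """Return the GET URL; base_url stands in for <qualys_base_url>."""
    if request_type not in REQUEST_TYPES:
        raise ValueError(f"requestType must be one of {sorted(REQUEST_TYPES)}")
    prefix = "/ioc/v1" if versioned else "/ioc"
    # Percent-encode the ID so a stray '/' or '?' cannot change the request path.
    return (f"{base_url.rstrip('/')}{prefix}/remediation-actions/"
            f"{request_type}/{quote(remediation_id, safe='')}")

def quarantine_exclusions(event):
    """Decode remediationPayload (JSON carried as a string) and return the
    de-duplicated IPs and domains excluded from the quarantine."""
    try:
        payload = json.loads(event.get("remediationPayload") or "{}")
    except json.JSONDecodeError as exc:
        raise ValueError("remediationPayload is not valid JSON") from exc
    cfg = payload.get("excludedWhitelistingConfig") or {}
    ips = sorted({(c["type"], c["ipAddress"]) for c in cfg.get("excludedIpConfigs", [])})
    domains = sorted({c["domain"].lower() for c in cfg.get("excludedDomainConfigs", [])})
    return {"ips": ips, "domains": domains}

def summarize(response_text):
    """Flatten one response body into the fields an analyst reviews."""
    event = json.loads(response_text)
    summary = {k: event.get(k) for k in ("action", "status", "hostName", "agentId")}
    return {**summary, **quarantine_exclusions(event)}

# Constructed sample in the shape of the response above (documentation-range
# addresses and example domains, not values from the page).
_inner = {"excludedWhitelistingConfig": {
    "excludedIpConfigs": [
        {"ipAddress": "192.0.2.10", "subnetMask": "255.255.255.255", "platform": 0, "type": "V4"},
        {"ipAddress": "2001:db8::10", "subnetMask": "255.255.255.255", "platform": 0, "type": "V6"},
        {"ipAddress": "192.0.2.10", "subnetMask": "255.255.255.255", "platform": 0, "type": "V4"}],
    "excludedDomainConfigs": [
        {"domain": "example.com", "platform": 0},
        {"domain": "WWW.example.com", "platform": 0},
        {"domain": "example.com", "platform": 0}]}}
SAMPLE = json.dumps({"action": "Quarantine Host", "status": "success",
                     "hostName": "host-a", "agentId": "agent-0001",
                     "remediationPayload": json.dumps(_inner)})

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```
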
API Version History
The following table depicts the information about the different versions of this API along with the status:
API Version | API Status | Release Date |
---|---|---|
/ioc/remediation-actions/{requestType}/{remediationId} | Active | |
/ioc/v1/remediation-actions/{requestType}/{remediationId} | Active | May 2025 |