Fetch Remediation Event Details 

For API version information, refer to the API Version History section.

Non-Versioned

This API lets you fetch remediation details from Oracle instead of Elasticsearch, ensuring faster and more reliable data access.

GET /ioc/remediation-actions/{requestType}/{remediationId}

Input Parameters for Remediation Event

Input Parameters | Mandatory/Optional | Format | Description
Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer <authToken>
remediationId | Mandatory | String | Enter Remediation ID. For example - RTF_5XX96XXe-XX6b-4XX4-90XX-349XXXfcXbcX_10-2023_XX22e6XX-5XXd-XX61-9X6X-c8XX8eXXc26X
requestType | Mandatory | String | Request type, which can be either "quarantinedItem" or "activityLog". For example - activityLog

Sample - Fetch Remediation Event Details

API request

curl -L -X GET '<qualys_base_url>/ioc/remediation-actions/activityLog/RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX' \
  -H 'Authorization: Bearer <token>'

Response

{
  "action": "Quarantine Host",
  "eventSource": "EDR",
  "status": "success",
  "requestTime": "2025-02-26T10:18:50.000+00:00",
  "requestTimestamp": 1740565130495,
  "executionTime": "2025-02-26T10:17:08.000+00:00",
  "remediationEventId": "3e2927e8-8cf4-4ad0-9bb8-3c666fe4f15e",
  "requestId": "20ad3dba-6861-4ca7-afb8-1465e22fef9a",
  "manifestId": "91e1ffd2-417e-4b31-a2fe-3221f9473561",
  "uniqueId": "4bf85eb9-206f-3abb-b03f-1e9bbe845d3c",
  "userId": "qaedr_jd",
  "agentId": "x82xx34x-5xxx-4110-9878-x91x5x476x47",
  "hostName": "edrrhel9as",
  "platform": "LINUX",
  "interfaces": [
    {
      "interfaceName": "ens192",
      "macAddress": "00:X0:XX:0X:00:00",
      "gatewayAddress": "XX.XX.X0X.X",
      "ipAddress": "X0.1X.XX1.00"
    },
    {
      "interfaceName": "ens192",
      "macAddress": "00:X0:XX:0X:00:00",
      "gatewayAddress": "XX.XX.X0X.X",
      "ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed"
    }
  ],
  "comments": "QHost",
  "statusMessage": "Applied Successfully",
  "allowResponseAction": 1,
  "remediationPayload": "{\"excludedWhitelistingConfig\":{\"excludedIpConfigs\":[{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"fXX0:0:0:0:XXX9:1XX9:2XXb:XXed\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V6\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"}],\"excludedDomainConfigs\":[{\"domain\":\"tradingview.com\",\"platform\":0},{\"domain\":\"www.goole.com\",\"platform\":0},{\"domain\":\"goole.com\",\"platform\":0},{\"domain\":\"www.youtube.com\",\"platform\":0},{\"domain\":\"www.tradingview.com\",\"platform\":0},{\"domain\":\"jenkins.intranet.qualys.com\",\"platform\":0},{\"domain\":\"google.com\",\"platform\":0}]}}",
  "id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
  "type": "AGENT",
  "user": "John Doe"
}

Response Field Descriptions

Dataset Name | Field Name | Data Type | Description
remediation-actions | action | String | The action performed during the event (e.g., 'Quarantine Host', 'Unquarantine Host').
remediation-actions | eventSource | Object | The source of the event.
remediation-actions | status | String | The status of the action performed during the event.
remediation-actions | requestTime | Timestamp | The timestamp when the request was made.
remediation-actions | requestTimestamp | Integer (Milliseconds since Epoch) | The timestamp of the request in milliseconds since the Unix epoch (Unix timestamp).
remediation-actions | executionTime | Timestamp | The time at which the action was executed.
remediation-actions | remediationEventId | String | A unique identifier for the remediation event.
remediation-actions | requestId | String | A unique identifier for the request.
remediation-actions | manifestId | String | A unique identifier for the manifest related to this event.
remediation-actions | uniqueId | String | A unique identifier for the event.
remediation-actions | userId | String | The user identifier associated with the action.
remediation-actions | agentId | String | The agent ID of the agent on which the action was performed.
remediation-actions | hostName | String | The hostname of the system.
remediation-actions | platform |  | The platform where the event occurred.
remediation-actions | comments |  | Additional comments or notes about the event.
remediation-actions | statusMessage |  | A message describing the status of the action.
remediation-actions | allowResponseAction | Integer | Indicates whether a response action is allowed (1 = Allowed).
remediation-actions | remediationPayload | String | The JSON payload containing remediation data, such as whitelisting configurations for IPs and domains.
remediation-actions | id | String | A unique identifier for the event record, combining multiple parameters such as the remediation event ID and user ID.
remediation-actions | type | String | The type of event.
remediation-actions | user | String | The name of the user who performed the action.
remediation-actions | interfaces | List of Objects | A list of interfaces for the asset.

Dataset: Interface

Dataset Name | Field Name | Data Type | Description
interfaces | macAddress | String | The MAC address of the network interface.
interfaces | ipAddress | String | The IP address of the network interface.
interfaces | interfaceName | String | The name of the network interface.
interfaces | gatewayAddress | String | The gateway address of the network interface.

V1.0

This API lets you fetch remediation details from Oracle instead of Elasticsearch, ensuring faster and more reliable data access.

GET /ioc/v1/remediation-actions/{requestType}/{remediationId}

Input Parameters for Remediation Event

Input Parameters | Mandatory/Optional | Format | Description
Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer <authToken>
remediationId | Mandatory | String | Enter Remediation ID. For example - RTF_5XX96XXe-XX6b-4XX4-90XX-349XXXfcXbcX_10-2023_XX22e6XX-5XXd-XX61-9X6X-c8XX8eXXc26X
requestType | Mandatory | String | Request type, which can be either "quarantinedItem" or "activityLog". For example - activityLog

Sample - Fetch Remediation Event Details

API request

curl -L -X GET '<qualys_base_url>/ioc/v1/remediation-actions/activityLog/RTP_6XXbc7XX-4XX5-4XXa-aXX5-a8XXa6XX03XX_10-2024_fXX08XX0-XX5f-XX01-XX7d-XX8c1XX35dXX' \
  -H 'Authorization: Bearer <token>'

Response

{
  "action": "Quarantine Host",
  "eventSource": "EDR",
  "status": "success",
  "requestTime": "2025-02-26T10:18:50.000+00:00",
  "requestTimestamp": 1740565130495,
  "executionTime": "2025-02-26T10:17:08.000+00:00",
  "remediationEventId": "3e2927e8-8cf4-4ad0-9bb8-3c666fe4f15e",
  "requestId": "20ad3dba-6861-4ca7-afb8-1465e22fef9a",
  "manifestId": "91e1ffd2-417e-4b31-a2fe-3221f9473561",
  "uniqueId": "4bf85eb9-206f-3abb-b03f-1e9bbe845d3c",
  "userId": "qaedr_jd",
  "agentId": "x82xx34x-5xxx-4110-9878-x91x5x476x47",
  "hostName": "edrrhel9as",
  "platform": "LINUX",
  "interfaces": [
    {
      "interfaceName": "ens192",
      "macAddress": "00:X0:XX:0X:00:00",
      "gatewayAddress": "XX.XX.X0X.X",
      "ipAddress": "X0.1X.XX1.00"
    },
    {
      "interfaceName": "ens192",
      "macAddress": "00:X0:XX:0X:00:00",
      "gatewayAddress": "XX.XX.X0X.X",
      "ipAddress": "fXX0:0:0:0:XXX9:1XX9:2XXb:XXed"
    }
  ],
  "comments": "QHost",
  "statusMessage": "Applied Successfully",
  "allowResponseAction": 1,
  "remediationPayload": "{\"excludedWhitelistingConfig\":{\"excludedIpConfigs\":[{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"fXX0:0:0:0:XXX9:1XX9:2XXb:XXed\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V6\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"},{\"ipAddress\":\"X0.1X.XX1.00\",\"subnetMask\":\"255.255.255.255\",\"platform\":0,\"type\":\"V4\"}],\"excludedDomainConfigs\":[{\"domain\":\"tradingview.com\",\"platform\":0},{\"domain\":\"www.goole.com\",\"platform\":0},{\"domain\":\"goole.com\",\"platform\":0},{\"domain\":\"www.youtube.com\",\"platform\":0},{\"domain\":\"www.tradingview.com\",\"platform\":0},{\"domain\":\"jenkins.intranet.qualys.com\",\"platform\":0},{\"domain\":\"google.com\",\"platform\":0}]}}",
  "id": "XXX8a87X-XXbb-4XX9-XX74-XXX08f6XX54X",
  "type": "AGENT",
  "user": "John Doe"
}

Response Field Descriptions

Dataset Name | Field Name | Data Type | Description
remediation-actions | action | String | The action performed during the event (e.g., 'Quarantine Host', 'Unquarantine Host').
remediation-actions | eventSource | Object | The source of the event.
remediation-actions | status | String | The status of the action performed during the event.
remediation-actions | requestTime | Timestamp | The timestamp when the request was made.
remediation-actions | requestTimestamp | Integer (Milliseconds since Epoch) | The timestamp of the request in milliseconds since the Unix epoch (Unix timestamp).
remediation-actions | executionTime | Timestamp | The time at which the action was executed.
remediation-actions | remediationEventId | String | A unique identifier for the remediation event.
remediation-actions | requestId | String | A unique identifier for the request.
remediation-actions | manifestId | String | A unique identifier for the manifest related to this event.
remediation-actions | uniqueId | String | A unique identifier for the event.
remediation-actions | userId | String | The user identifier associated with the action.
remediation-actions | agentId | String | The agent ID of the agent on which the action was performed.
remediation-actions | hostName | String | The hostname of the system.
remediation-actions | platform |  | The platform where the event occurred.
remediation-actions | comments |  | Additional comments or notes about the event.
remediation-actions | statusMessage |  | A message describing the status of the action.
remediation-actions | allowResponseAction | Integer | Indicates whether a response action is allowed (1 = Allowed).
remediation-actions | remediationPayload | String | The JSON payload containing remediation data, such as whitelisting configurations for IPs and domains.
remediation-actions | id | String | A unique identifier for the event record, combining multiple parameters such as the remediation event ID and user ID.
remediation-actions | type | String | The type of event.
remediation-actions | user | String | The name of the user who performed the action.
remediation-actions | interfaces | List of Objects | A list of interfaces for the asset.

Dataset: Interface

Dataset Name | Field Name | Data Type | Description
interfaces | macAddress | String | The MAC address of the network interface.
interfaces | ipAddress | String | The IP address of the network interface.
interfaces | interfaceName | String | The name of the network interface.
interfaces | gatewayAddress | String | The gateway address of the network interface.
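
Added example (not Qualys code): a Python helper that builds the request URL for either version of this endpoint and audits a response, decoding the remediationPayload string a second time to list the IP and domain exclusions attached to a quarantine. The function names, the qualys.example base URL and the sample data are assumptions; treating subnetMask 255.255.255.255 as a single-host exclusion follows the sample response above.

```python
import json
from datetime import datetime, timezone
from urllib.parse import quote

REQUEST_TYPES = {"quarantinedItem", "activityLog"}  # the two values this page allows

def build_url(base_url, request_type, remediation_id, versioned=True):
    """Build the GET URL; reject unknown request types and encode the ID."""
    if request_type not in REQUEST_TYPES:
        raise ValueError(f"unsupported requestType: {request_type!r}")
    prefix = "/ioc/v1" if versioned else "/ioc"
    # safe="" also encodes "/", so the ID cannot add or change path segments
    rid = quote(remediation_id, safe="")
    return f"{base_url.rstrip('/')}{prefix}/remediation-actions/{request_type}/{rid}"

def summarize(response_text):
    """Flatten one response, decoding the nested remediationPayload string."""
    event = json.loads(response_text)
    # remediationPayload is JSON inside a JSON string, so it needs a second decode
    payload = json.loads(event.get("remediationPayload") or "{}")
    cfg = payload.get("excludedWhitelistingConfig", {})
    ips = sorted({(c["ipAddress"], c["subnetMask"]) for c in cfg.get("excludedIpConfigs", [])})
    domains = sorted({c["domain"].lower() for c in cfg.get("excludedDomainConfigs", [])})
    requested = datetime.fromtimestamp(event["requestTimestamp"] / 1000, tz=timezone.utc)
    return {
        "action": event["action"],
        "status": event["status"],
        "host": event["hostName"],
        "requested_utc": requested.isoformat(timespec="seconds"),
        "excluded_ips": ips,  # duplicates removed
        # exclusions wider than a single host are worth a second look
        "broad_ip_exclusions": [ip for ip, mask in ips if mask != "255.255.255.255"],
        "excluded_domains": domains,
    }

# Constructed sample in the shape of the page's response; addresses are made up
SAMPLE = json.dumps({
    "action": "Quarantine Host", "status": "success", "hostName": "edrrhel9as",
    "requestTimestamp": 1740565130495,
    "remediationPayload": json.dumps({"excludedWhitelistingConfig": {
        "excludedIpConfigs": [
            {"ipAddress": "192.0.2.10", "subnetMask": "255.255.255.255", "type": "V4"},
            {"ipAddress": "192.0.2.10", "subnetMask": "255.255.255.255", "type": "V4"},
            {"ipAddress": "198.51.100.0", "subnetMask": "255.255.255.0", "type": "V4"}],
        "excludedDomainConfigs": [{"domain": "example.com"}, {"domain": "Example.com"}]}}),
})

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

Pass versioned=False to build_url for the non-versioned path; the Authorization header is sent as "Bearer <authToken>" as described in the input parameters.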

API Version History

The following table lists the versions of this API along with their status:

API Version | API Status | Release Date
/ioc/remediation-actions/{requestType}/{remediationId} | Active |
/ioc/v1/remediation-actions/{requestType}/{remediationId} | Active | May 2025