Fetch Event Details API

Use this API to fetch details for an event.

GET/fim/v2/events/{eventId}

Input ParametersInput Parameters

Parameter	Mandatory/Optional	Data Type	Description
eventId	Mandatory	String	ID of the event you want to fetch the details for.
Authorization	Mandatory	String	Authorization token to authenticate to the Qualys Cloud Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken

Parameter

Mandatory/Optional

Data Type

Description

eventId

Mandatory

String

ID of the event you want to fetch the details for.

Authorization

Mandatory

String

Authorization token to authenticate to the Qualys Cloud Platform.

Prepend token with "Bearer" and one space. For example - Bearer authToken

Sample 1Sample 1

API Request

curl -X GET
<qualys_base_url>/fim/v2/events/af8b4ba2-d773-307a-834b-415e6b28d31f 
-H 'authorization: Bearer <token>' 
-H'content-type: application/json'

Response

{
  "dateTime": "2018-04-25T17:33:29.806+0000",
  "fullPath": "\\Device\\HarddiskVolume2\\Windows\\System32\\config\\systemprofile\\ntuser.dat",
  "severity": 4,
  "profiles": [
    {
      "name": "Windows Profile - PCI(NJJ)",
      "rules": [
        {
          "severity": 4,
          "description": null,
          "id": "d6eb7f77-3726-47b3-90d8-3ecc8d8978e0",
          "type": "directory"
        }
      ],
      "id": "1c3b44f4-fd76-4c4d-8a4e-bebdad5fa124",
      "type": "WINDOWS",
      "category": null
    }
  ],
  "type": "File",
  "changedAttributes": [
    2,
    4,
    8,
    16
  ],
  "platform": "WINDOWS",
  "oldContent": null,
  "actor": {
    "process": "QualysAgent.exe",
    "processID": 11280,
    "imagePath": "\\Device\\HarddiskVolume2\\Program Files\\Qualys\\QualysAgent\\QualysAgent.exe",
    "userName": "NT AUTHORITY\\SYSTEM",
    "userID": "S-1-5-18"
  },
  "newContent": null,
  "customerId": "58b888be-a90f-e3be-838d-88877aee572b",
  "name": "ntuser.dat",
  "action": "Attributes",
  "attributes": {
    "old": null,
    "new": [
      "Archive"
    ]
  },
  "id": "af8b4ba2-d773-307a-834b-415e6b28d31f",
  "asset": {
    "agentId": "04b3dd30-e731-4d0d-a921-20b6b2d2997c",
    "interfaces": [
      {
        "hostname": "CAAUTOMATION-PC",
        "macAddress": "00:50:56:9F:FF:54",
        "address": "10.113.197.104",
        "interfaceName": "Intel(R) PRO/1000 MT Network Connection"
      }
    ],
    "lastCheckedIn": "2018-04-26T05:52:19.000Z",
    "created": 1523941162000,
    "hostId": null,
    "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
    "tags": [
      "7650412",
      "7655820",
      "7895614"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2018-01-15T12:37:35.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "CAAUTOMATION-PC",
    "name": "CAAUTOMATION-PC",
    "agentVersion": "2.0.6.1",
    "updated": 1524721941789
  },
  "class": "Disk"
}

Sample 2Sample 2

API Request

curl -X GET
<qualys_base_url>/fim/v2/events/f589a105- 0100-3dbb-a007-556fae7afea5 
-H 'authorization: Bearer ' 
-H 'content-type: application/json'

Response

{
  "dateTime": "2018-04-25T17:33:29.806+0000",
  "fullPath": "\\Device\\HarddiskVolume2\\Windows\\System32\\config\\systemprofile\\Terminator.exe",
  "severity": 4,
  "profiles": [
    {
      "name": "Windows Profile - PCI(NJJ)",
      "rules": [
        {
          "severity": 4,
          "description": null,
          "id": "d6eb7f77-3726-47b3-90d8-3ecc8d8978e0",
          "type": "directory"
        }
      ],
      "id": "f589a105-0100-3dbb-a007-556fae7afea5",
      "type": "WINDOWS",
      "category": null
    }
  ],
  "type": "File",
  "changedAttributes": [
    2,
    4,
    8,
    16
  ],
  "platform": "WINDOWS",
  "oldContent": null,
  "actor": {
    "process": "update.exe",
    "processID": 11280,
    "imagePath": "C:\\Windows\\system32\\update.exe",
    "userName": "NT AUTHORITY\\SYSTEM",
    "userID": "S-1-5-18"
  },
  "newContent": null,
  "customerId": "58b888be-a90f-e3be-838d-88877aee572b",
  "name": "Terminator.exe",
  "action": "Attributes",
  "attributes": {
    "old": null,
    "new": [
      "Archive"
    ]
  },
  "id": "af8b4ba2-d773-307a-834b-415e6b28d31f",
  "asset": {
    "agentId": "04b3dd30-e731-4d0d-a921-20b6b2d2997c",
    "interfaces": [
      {
        "hostname": "CAAUTOMATION-PC",
        "macAddress": "00:50:56:9F:FF:54",
        "address": "10.113.197.104",
        "interfaceName": "Intel(R) PRO/1000 MT Network Connection"
      }
    ],
    "lastCheckedIn": "2018-04-26T05:52:19.000Z",
    "created": 1523941162000,
    "hostId": null,
    "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
    "tags": [
      "7650412",
      "7655820",
      "7895614"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2018-01-15T12:37:35.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "CAAUTOMATION-PC",
    "name": "CAAUTOMATION-PC",
    "agentVersion": "2.0.6.1",
    "updated": 1524721941789
  },
  "class": "Disk",
  "fileContentHash": "50dc26047f5572a38aa7adb4e9b140dc301ea41d1f4bed5095a1ed7fc1d03fbc",
  "reputationStatus": "MALICIOUS",
  "fileCertificateHash": [
    "d12bed1761e1b2c244db23cebe4185c2b0839eee",
    "7ade32c9b68b944bf291d1fcc59faef061a6d2f2"
  ],
  "trustStatus": "UNTRUSTED"
}

Sample 3Sample 3

API Request

curl -X GET
<qualys_base_url>/fim/v2/events/e115XXXXaf72-37b5-8f92-9e878bbbba53  
-H 'authorization: Bearer <token>' 
-H'content-type: application/json'

Response

{
  "dateTime": "2021-03-05T11:28:36.455+0000",
  "fullPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Data",
  "type": "Value",
  "platform": "WINDOWS",
  "oldContent": null,
  "newContent": null,
  "customerId": "00XXXX-643f-f4af-8336-b253066XXXX",
  "action": "Content",
  "id": "e115XXXX-af72-37b5-8f92-9e878bbbba53",
  "severity": 3,
  "fileCertificateHash": null,
  "profiles": [
    {
      "name": "Profile Name",
      "rules": [
        {
          "severity": 3,
          "number": 1,
          "name": "Rule 1",
          "description": "Rule 1",
          "section": null,
          "id": "4282XXXX-cc33-49d8-82df-53a00e27XXXX",
          "type": "key"
        }
      ],
      "id": "f99941de-2296-4044-bfca-05aeb4575ef5",
      "type": "WINDOWS",
      "category": {
        "name": "PCI",
        "id": "2dabXXXX-2fdd-11e7-93ae-92361f00XXXX"
      }
    }
  ],
  "changedAttributes": null,
  "processedTime": "2021-03-05T05:37:30.311+0000",
  "actor": {
    "process": "reg.exe",
    "processID": 2811,
    "imagePath": "C:\\Windows\\System32\\reg.exe",
    "userName": "MSEDGEWIN10\\IEUser",
    "userID": "S-1-5-21-3461203602-4096304019-2269080069-1000"
  },
  "name": null,
  "asset": {
    "agentId": "7c99XXXX-92fa-4943-91ab-249e341dd10d",
    "interfaces": [
      {
        "hostname": "WIN10-122.WORKGROUP",
        "macAddress": "00:50:56:AA:5C:85",
        "address": "10.115.98.122",
        "interfaceName": "Intel(R) 82574L Gigabit Network Connection"
      }
    ],
    "lastCheckedIn": "2019-07-23T11:01:00.000Z",
    "created": "2021-01-11T06:40:09.930+0000",
    "hostId": null,
    "operatingSystem": "Microsoft Windows 10 Pro 10.0.10586 N/A Build 10586",
    "tags": [
      "7508831",
      "7526815",
      "7593230"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2019-07-23T11:01:00.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "WIN10-122",
    "name": "WIN10-122",
    "agentVersion": "3.0.0.101",
    "updated": "2021-01-11T06:40:09.930+0000"
  },
  "fileContentHash": null,
  "reputationStatus": null,
  "registryPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
  "registryName": "Data",
  "oldRegistryValueType": "REG_MULTI_SZ",
  "oldRegistryValueContent": [
    "Multvalue string",
    "Multvalue string"
  ],
  "newRegistryValueType": "REG_MULTI_SZ",
  "newRegistryValueContent": [
    "Multvalue string1",
    "Multvalue string2"
  ],
  "class": "Registry"
}