Fetch Event Details API

Use this API to fetch details for an event. 

GET /fim/v2/events/{eventId}

Input Parameters

Parameter | Mandatory/Optional | Data Type | Description

eventId | Mandatory | String | ID of the event whose details you want to fetch.

Authorization | Mandatory | String | Authorization token used to authenticate to the Qualys Cloud Platform. Prefix the token with "Bearer" and a single space, for example: Bearer authToken

Sample 1

API Request

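# Fetch the details of one FIM event by its ID.
# <qualys_base_url> and <token> are placeholders. The URL is quoted so the
# shell does not treat the angle brackets as redirections.
# Supply the bearer token from an environment variable or secret store
# rather than typing it inline, so it does not end up in shell history.
curl -X GET \
  '<qualys_base_url>/fim/v2/events/af8b4ba2-d773-307a-834b-415e6b28d31f' \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'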

Response

{
  "dateTime": "2018-04-25T17:33:29.806+0000",
  "fullPath": "\\Device\\HarddiskVolume2\\Windows\\System32\\config\\systemprofile\\ntuser.dat",
  "severity": 4,
  "profiles": [
    {
      "name": "Windows Profile - PCI(NJJ)",
      "rules": [
        {
          "severity": 4,
          "description": null,
          "id": "d6eb7f77-3726-47b3-90d8-3ecc8d8978e0",
          "type": "directory"
        }
      ],
      "id": "1c3b44f4-fd76-4c4d-8a4e-bebdad5fa124",
      "type": "WINDOWS",
      "category": null
    }
  ],
  "type": "File",
  "changedAttributes": [
    2,
    4,
    8,
    16
  ],
  "platform": "WINDOWS",
  "oldContent": null,
  "actor": {
    "process": "QualysAgent.exe",
    "processID": 11280,
    "imagePath": "\\Device\\HarddiskVolume2\\Program Files\\Qualys\\QualysAgent\\QualysAgent.exe",
    "userName": "NT AUTHORITY\\SYSTEM",
    "userID": "S-1-5-18"
  },
  "newContent": null,
  "customerId": "58b888be-a90f-e3be-838d-88877aee572b",
  "name": "ntuser.dat",
  "action": "Attributes",
  "attributes": {
    "old": null,
    "new": [
      "Archive"
    ]
  },
  "id": "af8b4ba2-d773-307a-834b-415e6b28d31f",
  "asset": {
    "agentId": "04b3dd30-e731-4d0d-a921-20b6b2d2997c",
    "interfaces": [
      {
        "hostname": "CAAUTOMATION-PC",
        "macAddress": "00:50:56:9F:FF:54",
        "address": "10.113.197.104",
        "interfaceName": "Intel(R) PRO/1000 MT Network Connection"
      }
    ],
    "lastCheckedIn": "2018-04-26T05:52:19.000Z",
    "created": 1523941162000,
    "hostId": null,
    "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
    "tags": [
      "7650412",
      "7655820",
      "7895614"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2018-01-15T12:37:35.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "CAAUTOMATION-PC",
    "name": "CAAUTOMATION-PC",
    "agentVersion": "2.0.6.1",
    "updated": 1524721941789
  },
  "class": "Disk"
}

Sample 2

API Request

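# Fetch the details of one FIM event by its ID.
# The event ID is a single path segment and must not contain whitespace.
# <qualys_base_url> and <token> are placeholders. The URL is quoted so the
# shell does not treat the angle brackets as redirections.
curl -X GET \
  '<qualys_base_url>/fim/v2/events/f589a105-0100-3dbb-a007-556fae7afea5' \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'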

Response

{
  "dateTime": "2018-04-25T17:33:29.806+0000",
  "fullPath": "\\Device\\HarddiskVolume2\\Windows\\System32\\config\\systemprofile\\Terminator.exe",
  "severity": 4,
  "profiles": [
    {
      "name": "Windows Profile - PCI(NJJ)",
      "rules": [
        {
          "severity": 4,
          "description": null,
          "id": "d6eb7f77-3726-47b3-90d8-3ecc8d8978e0",
          "type": "directory"
        }
      ],
      "id": "f589a105-0100-3dbb-a007-556fae7afea5",
      "type": "WINDOWS",
      "category": null
    }
  ],
  "type": "File",
  "changedAttributes": [
    2,
    4,
    8,
    16
  ],
  "platform": "WINDOWS",
  "oldContent": null,
  "actor": {
    "process": "update.exe",
    "processID": 11280,
    "imagePath": "C:\\Windows\\system32\\update.exe",
    "userName": "NT AUTHORITY\\SYSTEM",
    "userID": "S-1-5-18"
  },
  "newContent": null,
  "customerId": "58b888be-a90f-e3be-838d-88877aee572b",
  "name": "Terminator.exe",
  "action": "Attributes",
  "attributes": {
    "old": null,
    "new": [
      "Archive"
    ]
  },
  "id": "af8b4ba2-d773-307a-834b-415e6b28d31f",
  "asset": {
    "agentId": "04b3dd30-e731-4d0d-a921-20b6b2d2997c",
    "interfaces": [
      {
        "hostname": "CAAUTOMATION-PC",
        "macAddress": "00:50:56:9F:FF:54",
        "address": "10.113.197.104",
        "interfaceName": "Intel(R) PRO/1000 MT Network Connection"
      }
    ],
    "lastCheckedIn": "2018-04-26T05:52:19.000Z",
    "created": 1523941162000,
    "hostId": null,
    "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
    "tags": [
      "7650412",
      "7655820",
      "7895614"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2018-01-15T12:37:35.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "CAAUTOMATION-PC",
    "name": "CAAUTOMATION-PC",
    "agentVersion": "2.0.6.1",
    "updated": 1524721941789
  },
  "class": "Disk",
  "fileContentHash": "50dc26047f5572a38aa7adb4e9b140dc301ea41d1f4bed5095a1ed7fc1d03fbc",
  "reputationStatus": "MALICIOUS",
  "fileCertificateHash": [
    "d12bed1761e1b2c244db23cebe4185c2b0839eee",
    "7ade32c9b68b944bf291d1fcc59faef061a6d2f2"
  ],
  "trustStatus": "UNTRUSTED"
}

Sample 3

API Request

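# Fetch the details of one FIM event by its ID (a registry value change in this sample).
# The event ID in the path matches the "id" field of the response; parts of it
# are masked with XXXX in this sample.
# <qualys_base_url> and <token> are placeholders. The URL is quoted so the
# shell does not treat the angle brackets as redirections.
curl -X GET \
  '<qualys_base_url>/fim/v2/events/e115XXXX-af72-37b5-8f92-9e878bbbba53' \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'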

Response

{
  "dateTime": "2021-03-05T11:28:36.455+0000",
  "fullPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Data",
  "type": "Value",
  "platform": "WINDOWS",
  "oldContent": null,
  "newContent": null,
  "customerId": "00XXXX-643f-f4af-8336-b253066XXXX",
  "action": "Content",
  "id": "e115XXXX-af72-37b5-8f92-9e878bbbba53",
  "severity": 3,
  "fileCertificateHash": null,
  "profiles": [
    {
      "name": "Profile Name",
      "rules": [
        {
          "severity": 3,
          "number": 1,
          "name": "Rule 1",
          "description": "Rule 1",
          "section": null,
          "id": "4282XXXX-cc33-49d8-82df-53a00e27XXXX",
          "type": "key"
        }
      ],
      "id": "f99941de-2296-4044-bfca-05aeb4575ef5",
      "type": "WINDOWS",
      "category": {
        "name": "PCI",
        "id": "2dabXXXX-2fdd-11e7-93ae-92361f00XXXX"
      }
    }
  ],
  "changedAttributes": null,
  "processedTime": "2021-03-05T05:37:30.311+0000",
  "actor": {
    "process": "reg.exe",
    "processID": 2811,
    "imagePath": "C:\\Windows\\System32\\reg.exe",
    "userName": "MSEDGEWIN10\\IEUser",
    "userID": "S-1-5-21-3461203602-4096304019-2269080069-1000"
  },
  "name": null,
  "asset": {
    "agentId": "7c99XXXX-92fa-4943-91ab-249e341dd10d",
    "interfaces": [
      {
        "hostname": "WIN10-122.WORKGROUP",
        "macAddress": "00:50:56:AA:5C:85",
        "address": "10.115.98.122",
        "interfaceName": "Intel(R) 82574L Gigabit Network Connection"
      }
    ],
    "lastCheckedIn": "2019-07-23T11:01:00.000Z",
    "created": "2021-01-11T06:40:09.930+0000",
    "hostId": null,
    "operatingSystem": "Microsoft Windows 10 Pro 10.0.10586 N/A Build 10586",
    "tags": [
      "7508831",
      "7526815",
      "7593230"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2019-07-23T11:01:00.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "WIN10-122",
    "name": "WIN10-122",
    "agentVersion": "3.0.0.101",
    "updated": "2021-01-11T06:40:09.930+0000"
  },
  "fileContentHash": null,
  "reputationStatus": null,
  "registryPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
  "registryName": "Data",
  "oldRegistryValueType": "REG_MULTI_SZ",
  "oldRegistryValueContent": [
    "Multvalue string",
    "Multvalue string"
  ],
  "newRegistryValueType": "REG_MULTI_SZ",
  "newRegistryValueContent": [
    "Multvalue string1",
    "Multvalue string2"
  ],
  "class": "Registry"
}