Use this API to fetch the details of a single FIM event, identified by its event ID. The response body is the event object shown in the examples below.
Parameter | Mandatory/Optional | Data Type | Description |
eventId | Mandatory | String | ID of the event you want to fetch the details for. |
Authorization | Mandatory | String | Authorization token used to authenticate to the Qualys Cloud Platform, sent in the `Authorization` request header. Prepend the token with "Bearer" and one space, for example: Bearer authToken. Treat the token as a credential: do not commit it to source control, write it to logs, or leave it in shell history. |
API Request
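# Fetch one FIM event by ID. <eventId> is the mandatory path parameter from the
# table above; <qualys_base_url> is the platform base URL for your subscription.
# The lines are joined with "\" so this runs as a single command (without the
# continuations and the URL, "curl -X GET" on its own fails with "no URL specified").
# <token> is a bearer credential: anything passed on the command line is visible
# in shell history and the process list, so keep it out of shared shells and logs.
curl -X GET \
  '<qualys_base_url>/fim/v2/events/<eventId>' \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'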
{ "dateTime": "2018-04-25T17:33:29.806+0000", "fullPath": "\\Device\\HarddiskVolume2\\Windows\\System32\\config\\systemprofile\\ntuser.dat", "severity": 4, "profiles": [ { "name": "Windows Profile - PCI(NJJ)", "rules": [ { "severity": 4, "description": null, "id": "d6eb7f77-3726-47b3-90d8-3ecc8d8978e0", "type": "directory" } ], "id": "1c3b44f4-fd76-4c4d-8a4e-bebdad5fa124", "type": "WINDOWS", "category": null } ], "type": "File", "changedAttributes": [ 2, 4, 8, 16 ], "platform": "WINDOWS", "oldContent": null, "actor": { "process": "QualysAgent.exe", "processID": 11280, "imagePath": "\\Device\\HarddiskVolume2\\Program Files\\Qualys\\QualysAgent\\QualysAgent.exe", "userName": "NT AUTHORITY\\SYSTEM", "userID": "S-1-5-18" }, "newContent": null, "customerId": "58b888be-a90f-e3be-838d-88877aee572b", "name": "ntuser.dat", "action": "Attributes", "attributes": { "old": null, "new": [ "Archive" ] }, "id": "af8b4ba2-d773-307a-834b-415e6b28d31f", "asset": { "agentId": "04b3dd30-e731-4d0d-a921-20b6b2d2997c", "interfaces": [ { "hostname": "CAAUTOMATION-PC", "macAddress": "00:50:56:9F:FF:54", "address": "", "interfaceName": "Intel(R) PRO/1000 MT Network Connection" } ], "lastCheckedIn": "2018-04-26T05:52:19.000Z", "created": 1523941162000, "hostId": null, "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601", "tags": [ "7650412", "7655820", "7895614" ], "assetType": "HOST", "system": { "lastBoot": "2018-01-15T12:37:35.000Z" }, "ec2": null, "lastLoggedOnUser": ".\\Administrator", "netbiosName": "CAAUTOMATION-PC", "name": "CAAUTOMATION-PC", "agentVersion": "", "updated": 1524721941789 }, "class": "Disk" }
API Request
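# Fetch one FIM event by ID. The event ID is a UUID with no embedded whitespace
# (the original listing had a line-wrap space inside it, which the API would
# not match). <qualys_base_url> is the platform base URL for your subscription.
# <token> is a bearer credential: anything passed on the command line is visible
# in shell history and the process list, so keep it out of shared shells and logs.
curl -X GET \
  '<qualys_base_url>/fim/v2/events/f589a105-0100-3dbb-a007-556fae7afea5' \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'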
{ "dateTime": "2018-04-25T17:33:29.806+0000", "fullPath": "\\Device\\HarddiskVolume2\\Windows\\System32\\config\\systemprofile\\Terminator.exe", "severity": 4, "profiles": [ { "name": "Windows Profile - PCI(NJJ)", "rules": [ { "severity": 4, "description": null, "id": "d6eb7f77-3726-47b3-90d8-3ecc8d8978e0", "type": "directory" } ], "id": "f589a105-0100-3dbb-a007-556fae7afea5", "type": "WINDOWS", "category": null } ], "type": "File", "changedAttributes": [ 2, 4, 8, 16 ], "platform": "WINDOWS", "oldContent": null, "actor": { "process": "update.exe", "processID": 11280, "imagePath": "C:\\Windows\\system32\\update.exe", "userName": "NT AUTHORITY\\SYSTEM", "userID": "S-1-5-18" }, "newContent": null, "customerId": "58b888be-a90f-e3be-838d-88877aee572b", "name": "Terminator.exe", "action": "Attributes", "attributes": { "old": null, "new": [ "Archive" ] }, "id": "af8b4ba2-d773-307a-834b-415e6b28d31f", "asset": { "agentId": "04b3dd30-e731-4d0d-a921-20b6b2d2997c", "interfaces": [ { "hostname": "CAAUTOMATION-PC", "macAddress": "00:50:56:9F:FF:54", "address": "", "interfaceName": "Intel(R) PRO/1000 MT Network Connection" } ], "lastCheckedIn": "2018-04-26T05:52:19.000Z", "created": 1523941162000, "hostId": null, "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601", "tags": [ "7650412", "7655820", "7895614" ], "assetType": "HOST", "system": { "lastBoot": "2018-01-15T12:37:35.000Z" }, "ec2": null, "lastLoggedOnUser": ".\\Administrator", "netbiosName": "CAAUTOMATION-PC", "name": "CAAUTOMATION-PC", "agentVersion": "", "updated": 1524721941789 }, "class": "Disk", "fileContentHash": "50dc26047f5572a38aa7adb4e9b140dc301ea41d1f4bed5095a1ed7fc1d03fbc", "reputationStatus": "MALICIOUS", "fileCertificateHash": [ "d12bed1761e1b2c244db23cebe4185c2b0839eee", "7ade32c9b68b944bf291d1fcc59faef061a6d2f2" ], "trustStatus": "UNTRUSTED" }
API Request
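# Fetch one FIM event by ID (registry-change example below). <eventId> is the
# mandatory path parameter from the table above; <qualys_base_url> is the platform
# base URL for your subscription. The lines are joined with "\" so this runs as a
# single command; without the URL, "curl -X GET" alone fails with "no URL specified".
# <token> is a bearer credential: anything passed on the command line is visible
# in shell history and the process list, so keep it out of shared shells and logs.
curl -X GET \
  '<qualys_base_url>/fim/v2/events/<eventId>' \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'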
{ "dateTime": "2021-03-05T11:28:36.455+0000", "fullPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Data", "type": "Value", "platform": "WINDOWS", "oldContent": null, "newContent": null, "customerId": "00XXXX-643f-f4af-8336-b253066XXXX", "action": "Content", "id": "e115XXXX-af72-37b5-8f92-9e878bbbba53", "severity": 3, "fileCertificateHash": null, "profiles": [ { "name": "Profile Name", "rules": [ { "severity": 3, "number": 1, "name": "Rule 1", "description": "Rule 1", "section": null, "id": "4282XXXX-cc33-49d8-82df-53a00e27XXXX", "type": "key" } ], "id": "f99941de-2296-4044-bfca-05aeb4575ef5", "type": "WINDOWS", "category": { "name": "PCI", "id": "2dabXXXX-2fdd-11e7-93ae-92361f00XXXX" } } ], "changedAttributes": null, "processedTime": "2021-03-05T05:37:30.311+0000", "actor": { "process": "reg.exe", "processID": 2811, "imagePath": "C:\\Windows\\System32\\reg.exe", "userName": "MSEDGEWIN10\\IEUser", "userID": "S-1-5-21-3461203602-4096304019-2269080069-1000" }, "name": null, "asset": { "agentId": "7c99XXXX-92fa-4943-91ab-249e341dd10d", "interfaces": [ { "hostname": "WIN10-122.WORKGROUP", "macAddress": "00:50:56:AA:5C:85", "address": "", "interfaceName": "Intel(R) 82574L Gigabit Network Connection" } ], "lastCheckedIn": "2019-07-23T11:01:00.000Z", "created": "2021-01-11T06:40:09.930+0000", "hostId": null, "operatingSystem": "Microsoft Windows 10 Pro 10.0.10586 N/A Build 10586", "tags": [ "7508831", "7526815", "7593230" ], "assetType": "HOST", "system": { "lastBoot": "2019-07-23T11:01:00.000Z" }, "ec2": null, "lastLoggedOnUser": ".\\Administrator", "netbiosName": "WIN10-122", "name": "WIN10-122", "agentVersion": "", "updated": "2021-01-11T06:40:09.930+0000" }, "fileContentHash": null, "reputationStatus": null, "registryPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", "registryName": "Data", "oldRegistryValueType": "REG_MULTI_SZ", 
"oldRegistryValueContent": [ "Multvalue string", "Multvalue string" ], "newRegistryValueType": "REG_MULTI_SZ", "newRegistryValueContent": [ "Multvalue string1", "Multvalue string2" ], "class": "Registry" }