Fetch Event Details API

Use this API to fetch details for an event. 

GET /fim/v2/events/{eventId}

Input Parameters

Parameter | Mandatory/Optional | Data Type | Description
eventId | Mandatory | String | ID of the event whose details you want to fetch.
Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend the token with "Bearer" and one space, for example: Bearer authToken

Sample 1

API Request

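# Fetch a single FIM event by its ID.
# Replace <qualys_base_url> and <token> with your own values.
# A token typed inline ends up in shell history and process listings;
# curl can read the header from a file instead (-H @file).
curl -X GET \
  "<qualys_base_url>/fim/v2/events/af8b4ba2-d773-307a-834b-415e6b28d31f" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'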

Response

{
  "dateTime": "2018-04-25T17:33:29.806+0000",
  "fullPath": "\\Device\\HarddiskVolume2\\Windows\\System32\\config\\systemprofile\\ntuser.dat",
  "severity": 4,
  "profiles": [
    {
      "name": "Windows Profile - PCI(NJJ)",
      "rules": [
        {
          "severity": 4,
          "description": null,
          "id": "d6eb7f77-3726-47b3-90d8-3ecc8d8978e0",
          "type": "directory"
        }
      ],
      "id": "1c3b44f4-fd76-4c4d-8a4e-bebdad5fa124",
      "type": "WINDOWS",
      "category": null
    }
  ],
  "type": "File",
  "changedAttributes": [
    2,
    4,
    8,
    16
  ],
  "platform": "WINDOWS",
  "oldContent": null,
  "actor": {
    "process": "QualysAgent.exe",
    "processID": 11280,
    "imagePath": "\\Device\\HarddiskVolume2\\Program Files\\Qualys\\QualysAgent\\QualysAgent.exe",
    "userName": "NT AUTHORITY\\SYSTEM",
    "userID": "S-1-5-18"
  },
  "newContent": null,
  "customerId": "58b888be-a90f-e3be-838d-88877aee572b",
  "name": "ntuser.dat",
  "action": "Attributes",
  "attributes": {
    "old": null,
    "new": [
      "Archive"
    ]
  },
  "id": "af8b4ba2-d773-307a-834b-415e6b28d31f",
  "asset": {
    "agentId": "04b3dd30-e731-4d0d-a921-20b6b2d2997c",
    "interfaces": [
      {
        "hostname": "CAAUTOMATION-PC",
        "macAddress": "00:50:56:9F:FF:54",
        "address": "10.113.197.104",
        "interfaceName": "Intel(R) PRO/1000 MT Network Connection"
      }
    ],
    "lastCheckedIn": "2018-04-26T05:52:19.000Z",
    "created": 1523941162000,
    "hostId": null,
    "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
    "tags": [
      "7650412",
      "7655820",
      "7895614"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2018-01-15T12:37:35.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "CAAUTOMATION-PC",
    "name": "CAAUTOMATION-PC",
    "agentVersion": "2.0.6.1",
    "updated": 1524721941789
  },
  "class": "Disk"
}

Sample 2

API Request

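# Fetch a single FIM event by its ID.
# Replace <qualys_base_url> and <token> with your own values.
# A token typed inline ends up in shell history and process listings;
# curl can read the header from a file instead (-H @file).
# NOTE(review): the sample response for this request reports a different
# top-level "id" than the event ID requested here; confirm which is intended.
curl -X GET \
  "<qualys_base_url>/fim/v2/events/f589a105-0100-3dbb-a007-556fae7afea5" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'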

Response

{
  "dateTime": "2018-04-25T17:33:29.806+0000",
  "fullPath": "\\Device\\HarddiskVolume2\\Windows\\System32\\config\\systemprofile\\Terminator.exe",
  "severity": 4,
  "profiles": [
    {
      "name": "Windows Profile - PCI(NJJ)",
      "rules": [
        {
          "severity": 4,
          "description": null,
          "id": "d6eb7f77-3726-47b3-90d8-3ecc8d8978e0",
          "type": "directory"
        }
      ],
      "id": "f589a105-0100-3dbb-a007-556fae7afea5",
      "type": "WINDOWS",
      "category": null
    }
  ],
  "type": "File",
  "changedAttributes": [
    2,
    4,
    8,
    16
  ],
  "platform": "WINDOWS",
  "oldContent": null,
  "actor": {
    "process": "update.exe",
    "processID": 11280,
    "imagePath": "C:\\Windows\\system32\\update.exe",
    "userName": "NT AUTHORITY\\SYSTEM",
    "userID": "S-1-5-18"
  },
  "newContent": null,
  "customerId": "58b888be-a90f-e3be-838d-88877aee572b",
  "name": "Terminator.exe",
  "action": "Attributes",
  "attributes": {
    "old": null,
    "new": [
      "Archive"
    ]
  },
  "id": "af8b4ba2-d773-307a-834b-415e6b28d31f",
  "asset": {
    "agentId": "04b3dd30-e731-4d0d-a921-20b6b2d2997c",
    "interfaces": [
      {
        "hostname": "CAAUTOMATION-PC",
        "macAddress": "00:50:56:9F:FF:54",
        "address": "10.113.197.104",
        "interfaceName": "Intel(R) PRO/1000 MT Network Connection"
      }
    ],
    "lastCheckedIn": "2018-04-26T05:52:19.000Z",
    "created": 1523941162000,
    "hostId": null,
    "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
    "tags": [
      "7650412",
      "7655820",
      "7895614"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2018-01-15T12:37:35.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "CAAUTOMATION-PC",
    "name": "CAAUTOMATION-PC",
    "agentVersion": "2.0.6.1",
    "updated": 1524721941789
  },
  "class": "Disk",
  "fileContentHash": "50dc26047f5572a38aa7adb4e9b140dc301ea41d1f4bed5095a1ed7fc1d03fbc",
  "reputationStatus": "MALICIOUS",
  "fileCertificateHash": [
    "d12bed1761e1b2c244db23cebe4185c2b0839eee",
    "7ade32c9b68b944bf291d1fcc59faef061a6d2f2"
  ],
  "trustStatus": "UNTRUSTED"
}

Sample 3

API Request

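# Fetch a single FIM event by its ID (a registry value change in this sample).
# Replace <qualys_base_url> and <token> with your own values.
# A token typed inline ends up in shell history and process listings;
# curl can read the header from a file instead (-H @file).
# The event ID is written with the hyphen placement used by "id" in the response.
curl -X GET \
  "<qualys_base_url>/fim/v2/events/e115XXXX-af72-37b5-8f92-9e878bbbba53" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'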

Response

{
  "dateTime": "2021-03-05T11:28:36.455+0000",
  "fullPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Data",
  "type": "Value",
  "platform": "WINDOWS",
  "oldContent": null,
  "newContent": null,
  "customerId": "00XXXX-643f-f4af-8336-b253066XXXX",
  "action": "Content",
  "id": "e115XXXX-af72-37b5-8f92-9e878bbbba53",
  "severity": 3,
  "fileCertificateHash": null,
  "profiles": [
    {
      "name": "Profile Name",
      "rules": [
        {
          "severity": 3,
          "number": 1,
          "name": "Rule 1",
          "description": "Rule 1",
          "section": null,
          "id": "4282XXXX-cc33-49d8-82df-53a00e27XXXX",
          "type": "key"
        }
      ],
      "id": "f99941de-2296-4044-bfca-05aeb4575ef5",
      "type": "WINDOWS",
      "category": {
        "name": "PCI",
        "id": "2dabXXXX-2fdd-11e7-93ae-92361f00XXXX"
      }
    }
  ],
  "changedAttributes": null,
  "processedTime": "2021-03-05T05:37:30.311+0000",
  "actor": {
    "process": "reg.exe",
    "processID": 2811,
    "imagePath": "C:\\Windows\\System32\\reg.exe",
    "userName": "MSEDGEWIN10\\IEUser",
    "userID": "S-1-5-21-3461203602-4096304019-2269080069-1000"
  },
  "name": null,
  "asset": {
    "agentId": "7c99XXXX-92fa-4943-91ab-249e341dd10d",
    "interfaces": [
      {
        "hostname": "WIN10-122.WORKGROUP",
        "macAddress": "00:50:56:AA:5C:85",
        "address": "10.115.98.122",
        "interfaceName": "Intel(R) 82574L Gigabit Network Connection"
      }
    ],
    "lastCheckedIn": "2019-07-23T11:01:00.000Z",
    "created": "2021-01-11T06:40:09.930+0000",
    "hostId": null,
    "operatingSystem": "Microsoft Windows 10 Pro 10.0.10586 N/A Build 10586",
    "tags": [
      "7508831",
      "7526815",
      "7593230"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2019-07-23T11:01:00.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "WIN10-122",
    "name": "WIN10-122",
    "agentVersion": "3.0.0.101",
    "updated": "2021-01-11T06:40:09.930+0000"
  },
  "fileContentHash": null,
  "reputationStatus": null,
  "registryPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
  "registryName": "Data",
  "oldRegistryValueType": "REG_MULTI_SZ",
  "oldRegistryValueContent": [
    "Multvalue string",
    "Multvalue string"
  ],
  "newRegistryValueType": "REG_MULTI_SZ",
  "newRegistryValueContent": [
    "Multvalue string1",
    "Multvalue string2"
  ],
  "class": "Registry"
}