Get Event Count

Parameter	Mandatory/Optional	Data Type	Description
filter	Optional	String	Filter the events list by providing a query using Qualys syntax. Refer to the “How to Search” topic in the online help for assistance with creating your query. For example - dateTime:['2019-02-25T18:30:00.000Z'..'2019-02-26T18:29:59.999Z'] AND action: 'Content' For dateTime filter start date should not be lower than 2017-01-01. The processedTime filter can be used only for events generated post FIM release 2.0.2. To comply with data retention policy, the API fetches data only from the last 15 months. For more information, refer to Data Retention Policy.
groupBy	Optional	String	Group results based on certain parameters (provide comma separated list). For example - action
limit	Optional	String	Limit the number of rows fetched by the groupBy function.
sort	Optional	String	Sort the results using a Qualys token. For example - [{\"dateTime\":\"asc\"}]
interval	Optional	String	GroupBy interval for date fields. Valid values are y(year), q(quarter), M(month), w(week), d(day), h(hour), m(minute), s(second). For example - 1d An interval lower than a second is not supported. Note: Value for each interval period should be 1. For example, you can specify an interval of 1y, 1M, 1w, and so on, but not 2y, 3M, etc
incidentContext	Optional	Boolean	Search within incidents. Default is false.
incidentIds	Optional	String	List of incident IDs to be included while searching for events in incidents.
file.attribute.hidden	Optional	String	Displays attribute event for file or directory for which hidden attribute is checked or unchecked.
file.attribute.readonly	Optional	String	Displays attribute event for file or directory for which readonly attribute is checked or unchecked.
Authorization	Mandatory	String	Authorization token to authenticate to the Qualys Enterprise TruRisk™ Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken

API Request

curl -X POST
<qualys_base_url>/fim/v2/events/count 
-H'authorization: Bearer <token>' 
-H 'content-type:
application/json' 
-d @request.json

Contents of request.json

{
"groupBy":["profiles.rules.type","profiles.rules.severity","profil
es.rules.id"]
}

Response

{
  "directory": {
    "1": {
      "290f7715-125b-4514-817b-7974444ac59d": 8548,
      "25e681d0-522b-4a2c-b0e6-86b25b47f77f": 7699,
      "611c3a90-1ad5-4b5b-ad88-9edd62182031": 7699,
      "3e447775-418a-424c-8279-5567a89cf811": 1455,
      "d82d238e-53a3-49b8-8e5b-a5e3244e4f07": 474,
      "ae25c204-a184-4c71-b7df-b1267692666a": 238,
      "9c10eaaf-8725-426b-8eb8-793364269b6c": 33,
      "61993871-66cb-4966-a3ab-9b3ec6066858": 1
    },
    "2": {
      "df74b8e2-704b-419e-818e-3c7f4e4a2838": 49274,
      "c9a0d542-2d00-4a34-8ffd-b07a4826739a": 49274,
      "9ca5cb5e-f638-4c9f-b007-fa2a37e1fc49": 37664,
      "828d233b-5958-4867-bb8f-8514afd0a697": 12976,
      "8bf9c8c6-03a7-44be-9f4b-fb52ca0b14a4": 1652,
      "9e923f5d-85b1-42eb-beba-2021e56609af": 698,
      "838a1bd0-910b-467a-88d0-ab5fa7ac9ba6": 28,
      "0a514a18-6ee0-47c1-98da-071a5c0b3dd6": 28,
      "df742229-0abd-4038-b39c-1e99b4c97273": 26,
      "69482025-4b82-4c68-8e36-16ddd4cfbe69": 14
    },
    "3": {
      "e8b4dc7b-3450-4cb2-a265-2d49534a7c62": 1760,
      "b7518092-541a-432e-81d6-8bdba04eead4": 1277,
      "94963cf2-e01d-44da-a320-9ce6b832670f": 942,
      "9bed868e-750c-4b5b-841a-5827d4d2186a": 395,
      "158a1aad-bd57-4a35-8fee-937181bce082": 364,
      "9d9ce724-a0ba-42f0-9305-1019d57b9024": 296,
      "c996ebc2-2915-4ef3-a518-bfbabac16e03": 239,
      "c9a0d542-2d00-4a34-8ffd-b07a4826739a": 49,
      "df742229-0abd-4038-b39c-1e99b4c97273": 26,
      "df74b8e2-704b-419e-818e-3c7f4e4a2838": 26
    },
    "4": {
      "29724aad-2279-4664-bf1e-a4e5cdf458f8": 8912801,
      "37118a46-f57f-4db4-8f90-b3ddd9d27796": 214872,
      "9287a14c-8036-4403-af88-f98ae8f920fb": 79785,
      "04aebb37-c9b1-4b19-a6e0-aefe1035bbeb": 63629,
      "e75ceb46-5d15-4562-9825-13a9378722b8": 55542,
      "67988adf-9af9-4623-8a92-097e46dadcec": 28026,
      "881e9489-2c12-4182-a790-4d40808ac2ad": 24935,
      "7af95303-9cf8-477b-980c-1dc52003ae28": 24387,
      "304501ca-f8a6-4190-a752-2fbf21c0613b": 22169,
      "939cd6a9-f651-4a2e-aa9d-395afab04592": 19797
    },
    "5": {
      "97e14351-ba9e-4af3-bca9-643c3d7c3410": 493263,
      "fecc66e3-bb79-460e-8b26-11dd82799e14": 136166,
      "3c167cbb-ef59-43ce-8a38-95ccc6a9d93e": 109226,
      "c9a0d542-2d00-4a34-8ffd-b07a4826739a": 49283,
      "df74b8e2-704b-419e-818e-3c7f4e4a2838": 49274,
      "9ca5cb5e-f638-4c9f-b007-fa2a37e1fc49": 37664,
      "1bdb2e8b-3de0-4ec5-9d7a-dc1926919612": 29212,
      "f7c18f88-f94e-4060-a7ef-7475f47af9a5": 19651,
      "637df747-9b6e-43e3-a4ac-d3c50277ba38": 17145,
      "f8d2340e-7efb-4cb9-8273-edeb4403f7c6": 16584
    }
  },
  "file": {
    "1": {
      "ae25c204-a184-4c71-b7df-b1267692666a": 14,
      "57fd59b2-c0ca-47bb-96b2-9cd0119e33bb": 14
    },
    "3": {
      "57fd59b2-c0ca-47bb-96b2-9cd0119e33bb": 2,
      "9ad7a143-b2e4-440f-be68-26042c0f8e3f": 2,
      "ae25c204-a184-4c71-b7df-b1267692666a": 2,
      "80bda0f3-a37b-40c3-af41-ed51eb70da7e": 1
    },
    "4": {
      "80bda0f3-a37b-40c3-af41-ed51eb70da7e": 145,
      "fe0b4a7e-cbb0-4589-9d2e-0867afbf1d4f": 144,
      "1a087a1d-001a-49a2-91c8-ac7127eced84": 3,
      "9ad7a143-b2e4-440f-be68-26042c0f8e3f": 1
    },
    "5": {
      "fe0b4a7e-cbb0-4589-9d2e-0867afbf1d4f": 144,
      "80bda0f3-a37b-40c3-af41-ed51eb70da7e": 144,
      "8be4e5fd-cf77-4ca6-a7a7-3ada1c15067a": 19,
      "57fd59b2-c0ca-47bb-96b2-9cd0119e33bb": 17,
      "ae25c204-a184-4c71-b7df-b1267692666a": 16,
      "f21d22c0-6954-4b71-ab6e-7c8d5b673d2f": 1,
      "d12c2959-c695-418f-8706-6a9a0eca7bc0": 1,
      "ec356ca7-9800-4e28-8491-4deb29be14ce": 1
    }
  }
}

API Request:

curl -X POST 
<qualys_base_url>/fim/v2/events/count
-H 'authorization: Bearer <token>' 
-H 'content-type: 
application/json' -d @request.json

Contents of Request.json:

 {
      "groupBy":["file.attribute.hidden"]
     }

Response:

 {
"Added": 13,
"Removed": 3
}