Get Event Count API

Use this API to get the number of FIM events logged.

POST /fim/v2/events/count

Input Parameters

Parameter (Mandatory/Optional, Data Type): Description

filter (Optional, String): Filter the events list by providing a query using Qualys syntax. Refer to the “How to Search” topic in the online help for assistance with creating your query.
For example - dateTime:['2019-02-25T18:30:00.000Z'..'2019-02-26T18:29:59.999Z'] AND action: 'Content'

  • For the dateTime filter, the start date should not be lower than 2017-01-01.
  • The processedTime filter can be used only for events generated post FIM release 2.0.2.
  • To comply with the data retention policy, the API fetches data only from the last 15 months. For more information, refer to Data Retention Policy.

groupBy (Optional, String): Group results based on certain parameters (provide a comma-separated list).
For example - action

limit (Optional, String): Limit the number of rows fetched by the groupBy function.

sort (Optional, String): Sort the results using a Qualys token.
For example - [{\"dateTime\":\"asc\"}]

interval (Optional, String): GroupBy interval for date fields. Valid values are y (year), q (quarter), M (month), w (week), d (day), h (hour), m (minute), s (second).
For example - 1d
An interval lower than a second is not supported.
Note: The value for each interval period should be 1. For example, you can specify an interval of 1y, 1M, 1w, and so on, but not 2y, 3M, etc.

incidentContext (Optional, Boolean): Search within incidents. Default is false.

incidentIds (Optional, String): List of incident IDs to be included while searching for events in incidents.

file.attribute.hidden (Optional, String): Displays attribute events for a file or directory for which the hidden attribute is checked or unchecked.

file.attribute.readonly (Optional, String): Displays attribute events for a file or directory for which the readonly attribute is checked or unchecked.

Authorization (Mandatory, String): Authorization token to authenticate to the Qualys Cloud Platform.
Prepend the token with "Bearer" and one space. For example - Bearer authToken
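
The documented constraints (interval value fixed at 1, dateTime start not lower than 2017-01-01, token prefixed with "Bearer" and one space) can be checked on the client before a request is sent. The following is an added example, not Qualys code; the names build_count_request and auth_headers are hypothetical, and groupBy is sent as a JSON array as in the samples on this page.

```python
import json
import re
from datetime import datetime, timezone

# Constraints taken from the parameter descriptions on this page.
MIN_START = datetime(2017, 1, 1, tzinfo=timezone.utc)
INTERVAL_RE = re.compile(r"1[yqMwdhms]")  # value must be 1; unit is case-sensitive (M=month, m=minute)


def _stamp(dt):
    """Format an aware datetime like the page's example: 2019-02-25T18:30:00.000Z."""
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def build_count_request(start, end, extra=None, group_by=None, interval=None):
    """Return the JSON body for POST /fim/v2/events/count, or raise ValueError."""
    if start.tzinfo is None or end.tzinfo is None:
        raise ValueError("use timezone-aware datetimes")
    if start < MIN_START:
        raise ValueError("dateTime start must not be lower than 2017-01-01")
    if end <= start:
        raise ValueError("end must be after start")
    if interval is not None and not INTERVAL_RE.fullmatch(interval):
        raise ValueError("interval must be 1 followed by one of y q M w d h m s")
    # Same range syntax as the filter example in the parameter description.
    query = f"dateTime:['{_stamp(start)}'..'{_stamp(end)}']"
    if extra:
        query += f" AND {extra}"
    body = {"filter": query}
    if group_by:
        body["groupBy"] = list(group_by)
    if interval:
        body["interval"] = interval
    return json.dumps(body)


def auth_headers(token):
    """Authorization value is the token prefixed with 'Bearer' and one space."""
    return {"authorization": f"Bearer {token.strip()}",
            "content-type": "application/json"}
```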

Sample 1

API Request

curl -X POST \
  "<qualys_base_url>/fim/v2/events/count" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json

Contents of request.json

{
  "groupBy": ["profiles.rules.type", "profiles.rules.severity", "profiles.rules.id"]
}

Response

{
  "directory": {
    "1": {
      "290f7715-125b-4514-817b-7974444ac59d": 8548,
      "25e681d0-522b-4a2c-b0e6-86b25b47f77f": 7699,
      "611c3a90-1ad5-4b5b-ad88-9edd62182031": 7699,
      "3e447775-418a-424c-8279-5567a89cf811": 1455,
      "d82d238e-53a3-49b8-8e5b-a5e3244e4f07": 474,
      "ae25c204-a184-4c71-b7df-b1267692666a": 238,
      "9c10eaaf-8725-426b-8eb8-793364269b6c": 33,
      "61993871-66cb-4966-a3ab-9b3ec6066858": 1
    },
    "2": {
      "df74b8e2-704b-419e-818e-3c7f4e4a2838": 49274,
      "c9a0d542-2d00-4a34-8ffd-b07a4826739a": 49274,
      "9ca5cb5e-f638-4c9f-b007-fa2a37e1fc49": 37664,
      "828d233b-5958-4867-bb8f-8514afd0a697": 12976,
      "8bf9c8c6-03a7-44be-9f4b-fb52ca0b14a4": 1652,
      "9e923f5d-85b1-42eb-beba-2021e56609af": 698,
      "838a1bd0-910b-467a-88d0-ab5fa7ac9ba6": 28,
      "0a514a18-6ee0-47c1-98da-071a5c0b3dd6": 28,
      "df742229-0abd-4038-b39c-1e99b4c97273": 26,
      "69482025-4b82-4c68-8e36-16ddd4cfbe69": 14
    },
    "3": {
      "e8b4dc7b-3450-4cb2-a265-2d49534a7c62": 1760,
      "b7518092-541a-432e-81d6-8bdba04eead4": 1277,
      "94963cf2-e01d-44da-a320-9ce6b832670f": 942,
      "9bed868e-750c-4b5b-841a-5827d4d2186a": 395,
      "158a1aad-bd57-4a35-8fee-937181bce082": 364,
      "9d9ce724-a0ba-42f0-9305-1019d57b9024": 296,
      "c996ebc2-2915-4ef3-a518-bfbabac16e03": 239,
      "c9a0d542-2d00-4a34-8ffd-b07a4826739a": 49,
      "df742229-0abd-4038-b39c-1e99b4c97273": 26,
      "df74b8e2-704b-419e-818e-3c7f4e4a2838": 26
    },
    "4": {
      "29724aad-2279-4664-bf1e-a4e5cdf458f8": 8912801,
      "37118a46-f57f-4db4-8f90-b3ddd9d27796": 214872,
      "9287a14c-8036-4403-af88-f98ae8f920fb": 79785,
      "04aebb37-c9b1-4b19-a6e0-aefe1035bbeb": 63629,
      "e75ceb46-5d15-4562-9825-13a9378722b8": 55542,
      "67988adf-9af9-4623-8a92-097e46dadcec": 28026,
      "881e9489-2c12-4182-a790-4d40808ac2ad": 24935,
      "7af95303-9cf8-477b-980c-1dc52003ae28": 24387,
      "304501ca-f8a6-4190-a752-2fbf21c0613b": 22169,
      "939cd6a9-f651-4a2e-aa9d-395afab04592": 19797
    },
    "5": {
      "97e14351-ba9e-4af3-bca9-643c3d7c3410": 493263,
      "fecc66e3-bb79-460e-8b26-11dd82799e14": 136166,
      "3c167cbb-ef59-43ce-8a38-95ccc6a9d93e": 109226,
      "c9a0d542-2d00-4a34-8ffd-b07a4826739a": 49283,
      "df74b8e2-704b-419e-818e-3c7f4e4a2838": 49274,
      "9ca5cb5e-f638-4c9f-b007-fa2a37e1fc49": 37664,
      "1bdb2e8b-3de0-4ec5-9d7a-dc1926919612": 29212,
      "f7c18f88-f94e-4060-a7ef-7475f47af9a5": 19651,
      "637df747-9b6e-43e3-a4ac-d3c50277ba38": 17145,
      "f8d2340e-7efb-4cb9-8273-edeb4403f7c6": 16584
    }
  },
  "file": {
    "1": {
      "ae25c204-a184-4c71-b7df-b1267692666a": 14,
      "57fd59b2-c0ca-47bb-96b2-9cd0119e33bb": 14
    },
    "3": {
      "57fd59b2-c0ca-47bb-96b2-9cd0119e33bb": 2,
      "9ad7a143-b2e4-440f-be68-26042c0f8e3f": 2,
      "ae25c204-a184-4c71-b7df-b1267692666a": 2,
      "80bda0f3-a37b-40c3-af41-ed51eb70da7e": 1
    },
    "4": {
      "80bda0f3-a37b-40c3-af41-ed51eb70da7e": 145,
      "fe0b4a7e-cbb0-4589-9d2e-0867afbf1d4f": 144,
      "1a087a1d-001a-49a2-91c8-ac7127eced84": 3,
      "9ad7a143-b2e4-440f-be68-26042c0f8e3f": 1
    },
    "5": {
      "fe0b4a7e-cbb0-4589-9d2e-0867afbf1d4f": 144,
      "80bda0f3-a37b-40c3-af41-ed51eb70da7e": 144,
      "8be4e5fd-cf77-4ca6-a7a7-3ada1c15067a": 19,
      "57fd59b2-c0ca-47bb-96b2-9cd0119e33bb": 17,
      "ae25c204-a184-4c71-b7df-b1267692666a": 16,
      "f21d22c0-6954-4b71-ab6e-7c8d5b673d2f": 1,
      "d12c2959-c695-418f-8706-6a9a0eca7bc0": 1,
      "ec356ca7-9800-4e28-8491-4deb29be14ce": 1
    }
  }
}
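
The response above nests one level per groupBy field, in request order (here type, then severity, then rule ID), with the event count at the leaf. The following added example (not part of the Qualys documentation) flattens that structure into rows and totals them per field; the level-to-field mapping is an assumption read off this sample, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# groupBy list from request.json in Sample 1; one nesting level per entry (assumed).
GROUP_BY = ["profiles.rules.type", "profiles.rules.severity", "profiles.rules.id"]

# Constructed sample: trimmed from the Sample 1 response (same shape, fewer rule IDs).
SAMPLE = json.loads("""
{
  "directory": {
    "1": {"290f7715-125b-4514-817b-7974444ac59d": 8548,
          "25e681d0-522b-4a2c-b0e6-86b25b47f77f": 7699},
    "5": {"97e14351-ba9e-4af3-bca9-643c3d7c3410": 493263}
  },
  "file": {
    "1": {"ae25c204-a184-4c71-b7df-b1267692666a": 14},
    "5": {"fe0b4a7e-cbb0-4589-9d2e-0867afbf1d4f": 144}
  }
}
""")


def flatten(node, fields, path=()):
    """Walk the nested buckets and yield one dict per leaf count."""
    if not isinstance(node, dict):
        # A leaf must sit exactly len(fields) levels deep and be an integer count.
        if len(path) != len(fields) or isinstance(node, bool) or not isinstance(node, int):
            raise ValueError(f"unexpected leaf at {path!r}")
        yield {**dict(zip(fields, path)), "count": node}
        return
    if len(path) >= len(fields):
        raise ValueError(f"response nested deeper than groupBy at {path!r}")
    for key, child in node.items():
        yield from flatten(child, fields, path + (key,))


def totals_by(rows, field):
    """Sum leaf counts per value of one groupBy field."""
    out = defaultdict(int)
    for row in rows:
        out[row[field]] += row["count"]
    return dict(out)
```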

Sample 2

API Request:

curl -X POST \
  "<qualys_base_url>/fim/v2/events/count" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json

Contents of request.json:

{
  "groupBy": ["file.attribute.hidden"]
}

Response:

{
  "Added": 13,
  "Removed": 3
}