Fetch Ignored Event Details API

Use this API to fetch details for an ignored event.

GET /fim/v2/events/ignore/{ignoredEventId}

Input Parameters

| Parameter | Mandatory/Optional | Data Type | Description |
|---|---|---|---|
| eventId | Mandatory | String | ID of the ignored event whose details you want to fetch. It is supplied as the {ignoredEventId} segment of the request path. |
| Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Cloud Platform. Prepend the token with "Bearer" and one space, for example: Bearer authToken |

Sample 1

API Request

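# Fetch the details of one ignored FIM event; the event ID is the last path segment.
# NOTE(review): the endpoint is documented above as GET, but this sample sends POST
# with a body read from request.json (not shown on this page) - confirm the method.
# NOTE(review): the ID in this URL equals the profile "id" in the response below,
# not the event "id"; the sample values look inconsistent.
# The bearer token appears on the command line here, so it ends up in shell history
# and process listings; in real use, read it from a protected file or variable.
curl -X POST \
  "<qualys_base_url>/fim/v2/events/ignore/f214c35a-441e-450a-b817-2f162add6854" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json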

Response

{
  "dateTime": "2018-06-19T07:09:07.116+0000",
  "fullPath": "\\Device\\HarddiskVolume2\\FIM\\ProdCerts",
  "severity": 3,
  "profiles": [
    {
      "name": "Bug_Test_Profile",
      "rules": [
        {
          "severity": 3,
          "description": "",
          "id": "c9a0d542-2d00-4a34-8ffd-b07a4826739a",
          "type": "directory"
        }
      ],
      "id": "f214c35a-441e-450a-b817-2f162add6854",
      "type": "WINDOWS",
      "category": {
        "name": "PCI",
        "id": "2dab5022-2fdd-11e7-93ae-92361f002671"
      }
    }
  ],
  "type": "Directory",
  "changedAttributes": null,
  "platform": "WINDOWS",
  "oldContent": null,
  "actor": {
    "process": "Explorer.EXE",
    "processID": 312,
    "imagePath": "\\Device\\HarddiskVolume2\\Windows\\Explorer.EXE",
    "userName": "CAAUTOMATION-PC\\Administrator",
    "userID": "S-1-5-21-3436480518-4193688097-2835352598-500"
  },
  "newContent": null,
  "ignoreDate": "2018-06-19",
  "customerId": "58b888be-a90f-e3be-838d-88877aee572b",
  "name": "ProdCerts",
  "action": "Delete",
  "id": "5ca3af2b-991d-3154-acce-6ebbad2a6cc1",
  "asset": {
    "agentId": "b1362e7f-a29c-4226-a9a2-f91747f7e009",
    "interfaces": [
      {
        "hostname": "CAAUTOMATION-PC",
        "macAddress": "00:50:56:9F:FF:54",
        "address": "10.113.197.104",
        "interfaceName": "Intel(R) PRO/1000 MT Network Connection"
      }
    ],
    "lastCheckedIn": "2018-06-19T07:02:08.000Z",
    "created": 1529071987000,
    "hostId": null,
    "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
    "tags": [
      "7895614",
      "7655820",
      "7650412",
      "8072536"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2018-06-14T16:29:03.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "CAAUTOMATION-PC",
    "name": "CAAUTOMATION-PC",
    "agentVersion": "2.0.6.1",
    "updated": 1529391745750
  },
  "class": "Disk"
}

Sample 2

API Request

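# Fetch the details of one ignored FIM event; the event ID is the last path segment.
# NOTE(review): the endpoint is documented above as GET, but this sample sends
# POST - confirm which method the service accepts.
# NOTE(review): the ID in this URL equals the category "id" in the response below,
# not the event "id"; the sample values look inconsistent.
curl -X POST \
  "<qualys_base_url>/fim/v2/events/ignore/f589a105-0100-3dbb-a007-556fae7afea5" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'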

Response

{
  "dateTime": "2021-01-19T07:09:07.116+0000",
  "fullPath": "\\Device\\HarddiskVolume2\\FIM\\ProdCerts",
  "severity": 3,
  "profiles": [
    {
      "name": "Bug_Test_Profile",
      "rules": [
        {
          "severity": 3,
          "description": "",
          "id": "c9a0d542-2d00-4a34-8ffd-b07a4826739a",
          "type": "directory"
        }
      ],
      "id": "f214c35a-441e-450a-b817-2f162add6854",
      "type": "WINDOWS",
      "category": {
        "name": "PCI",
        "id": "f589a105-0100-3dbb-a007-556fae7afea5"
      }
    }
  ],
  "type": "Directory",
  "changedAttributes": null,
  "platform": "WINDOWS",
  "oldContent": null,
  "actor": {
    "process": "Explorer.EXE",
    "processID": 312,
    "imagePath": "\\Device\\HarddiskVolume2\\Windows\\Explorer.EXE",
    "userName": "CAAUTOMATION-PC\\Administrator",
    "userID": "S-1-5-21-3436480518-4193688097-2835352598-500"
  },
  "newContent": null,
  "ignoreDate": "2021-01-19",
  "customerId": "58b888be-a90f-e3be-838d-88877aee572b",
  "name": "ProdCerts",
  "action": "Create",
  "id": "5ca3af2b-991d-3154-acce-6ebbad2a6cc1",
  "asset": {
    "agentId": "b1362e7f-a29c-4226-a9a2-f91747f7e009",
    "interfaces": [
      {
        "hostname": "CAAUTOMATION-PC",
        "macAddress": "00:50:56:9F:FF:54",
        "address": "10.113.197.104",
        "interfaceName": "Intel(R) PRO/1000 MT Network Connection"
      }
    ],
    "lastCheckedIn": "2021-01-19T07:02:08.000Z",
    "created": 1529071987000,
    "hostId": null,
    "operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
    "tags": [
      "7895614",
      "7655820",
      "7650412",
      "8072536"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2018-06-14T16:29:03.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "CAAUTOMATION-PC",
    "name": "CAAUTOMATION-PC",
    "agentVersion": "2.0.6.1",
    "updated": 1529391745750
  },
  "class": "Disk",
  "fileContentHash": "50dc26047f5572a38aa7adb4e9b140dc301ea41d1f4bed5095a1ed7fc1d03fbc",
  "reputationStatus": "KNOWN",
  "fileCertificateHash": [
    "d12bed1761e1b2c244db23cebe4185c2b0839eee",
    "7ade32c9b68b944bf291d1fcc59faef061a6d2f2"
  ],
  "trustStatus": "TRUSTED"
}

Sample 3

API Request

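# Fetch the details of one ignored FIM event (a registry value change in this sample);
# the event ID is the last path segment and matches the "id" in the response below.
# NOTE(review): the endpoint is documented above as GET, but this sample sends
# POST - confirm which method the service accepts.
curl -X POST \
  "<qualys_base_url>/fim/v2/events/ignore/e115XXXX-af72-37b5-8f92-9e878bbbba53" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json'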

Response

{
  "dateTime": "2021-03-05T11:28:36.455+0000",
  "fullPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Data",
  "type": "Value",
  "platform": "WINDOWS",
  "oldContent": null,
  "newContent": null,
  "customerId": "00XXXX-643f-f4af-8336-b253066XXXX",
  "action": "Content",
  "id": "e115XXXX-af72-37b5-8f92-9e878bbbba53",
  "severity": 3,
  "fileCertificateHash": null,
  "profiles": [
    {
      "name": "Profile Name",
      "rules": [
        {
          "severity": 3,
          "number": 1,
          "name": "Rule 1",
          "description": "Rule 1",
          "section": null,
          "id": "4282XXXX-cc33-49d8-82df-53a00e27XXXX",
          "type": "key"
        }
      ],
      "id": "f99941de-2296-4044-bfca-05aeb4575ef5",
      "type": "WINDOWS",
      "category": {
        "name": "PCI",
        "id": "2dabXXXX-2fdd-11e7-93ae-92361f00XXXX"
      }
    }
  ],
  "changedAttributes": null,
  "processedTime": "2021-03-05T05:37:30.311+0000",
  "actor": {
    "process": "reg.exe",
    "processID": 2811,
    "imagePath": "C:\\Windows\\System32\\reg.exe",
    "userName": "MSEDGEWIN10\\IEUser",
    "userID": "S-1-5-21-3461203602-4096304019-2269080069-1000"
  },
  "name": null,
  "asset": {
    "agentId": "7c99XXXX-92fa-4943-91ab-249e341dd10d",
    "interfaces": [
      {
        "hostname": "WIN10-122.WORKGROUP",
        "macAddress": "00:50:56:AA:5C:85",
        "address": "10.115.98.122",
        "interfaceName": "Intel(R) 82574L Gigabit Network Connection"
      }
    ],
    "lastCheckedIn": "2019-07-23T11:01:00.000Z",
    "created": "2021-01-11T06:40:09.930+0000",
    "hostId": null,
    "operatingSystem": "Microsoft Windows 10 Pro 10.0.10586 N/A Build 10586",
    "tags": [
      "7508831",
      "7526815",
      "7593230"
    ],
    "assetType": "HOST",
    "system": {
      "lastBoot": "2019-07-23T11:01:00.000Z"
    },
    "ec2": null,
    "lastLoggedOnUser": ".\\Administrator",
    "netbiosName": "WIN10-122",
    "name": "WIN10-122",
    "agentVersion": "3.0.0.101",
    "updated": "2021-01-11T06:40:09.930+0000"
  },
  "ignoreDate": "2021-01-12",
  "fileContentHash": null,
  "reputationStatus": null,
  "registryPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
  "registryName": "Data",
  "oldRegistryValueType": "REG_MULTI_SZ",
  "oldRegistryValueContent": [
    "Multvalue string",
    "Multvalue string"
  ],
  "newRegistryValueType": "REG_MULTI_SZ",
  "newRegistryValueContent": [
    "Multvalue string1",
    "Multvalue string2"
  ],
  "class": "Registry"
}