Use this API to retrieve FIM events that have been ignored.
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
filter | Optional | String | Filter the events list by providing a query using Qualys syntax. Refer to the “How to Search” topic in the online help for assistance with creating your query. |
pageNumber | Optional | String | The page to be returned. Starts from zero. |
pageSize | Optional | String | The number of records per page to be included in the response. Default is 10. |
sort | Optional | String | Sort the results using a Qualys token. For example - [{\"dateTime\":\"asc\"}] |
file.attribute.hidden | Optional | String | Displays attribute events for a file or directory for which the hidden attribute is checked or unchecked. |
file.attribute.readonly | Optional | String | Displays attribute events for a file or directory for which the readonly attribute is checked or unchecked. |
Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Cloud Platform. Prepend the token with "Bearer" and one space. For example - Bearer authToken |
API Request
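# Search ignored FIM events; the JSON query (pageSize, filter) is read from request.json.
# Replace <qualys_base_url> and <token> with your platform URL and authorization token.
# The URL is quoted on its own so that the -H and -d options are parsed as options,
# not as part of the URL.
# A token typed on the command line is recorded in shell history and is visible in the
# process list; curl can instead read headers from a protected file with -H @file.
curl -X POST "<qualys_base_url>/fim/v2/events/ignore/search" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json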
Contents of request.json:
{
"pageSize": 1,
"filter": "dateTime:['2018-06-25T18:30:00.000Z'..'2019-02-20T18:29:59.999Z']"
}
Response
[
{
"sortValues": [],
"data": {
"dateTime": "2018-07-12T15:19:33.704+0000",
"fullPath": "\\Device\\HarddiskVolume2\\FIM\\MobaXterm_installer.msi",
"severity": 5,
"profiles": [
{
"name": "Bug_Test_1",
"rules": [
{
"severity": 2,
"description": "",
"id": "df74b8e2-704b-419e-818e-3c7f4e4a2838",
"type": "directory"
}
],
"id": "a0f61a71-fc03-4d9e-a234-fb39afa35d66",
"type": "WINDOWS",
"category": {
"name": "PCI",
"id": "2dab5022-2fdd-11e7-93ae-92361f002671"
}
},
{
"name": "Bug_Test_Profile",
"rules": [
{
"severity": 5,
"description": "",
"id": "c9a0d542-2d00-4a34-8ffd-b07a4826739a",
"type": "directory"
}
],
"id": "f214c35a-441e-450a-b817-2f162add6854",
"type": "WINDOWS",
"category": {
"name": "PCI",
"id": "2dab5022-2fdd-11e7-93ae-92361f002671"
}
}
],
"type": "File",
"changedAttributes": null,
"platform": "WINDOWS",
"oldContent": null,
"actor": {
"process": "Explorer.EXE",
"processID": 312,
"imagePath": "\\Device\\HarddiskVolume2\\Windows\\Explorer.EXE",
"userName": "CAAUTOMATION-PC\\Administrator",
"userID": "S-1-5-21-3436480518-4193688097-2835352598-500"
},
"newContent": null,
"ignoreDate": "2018-07-24",
"customerId": "58b888be-a90f-e3be-838d-88877aee572b",
"name": "MobaXterm_installer.msi",
"action": "Delete",
"id": "c6d7929c-85cb-3791-b6ed-2bcd9a7682cb",
"asset": {
"agentId": "fe94430f-f12c-4c6d-a9c2-a660049d69e5",
"interfaces": [
{
"hostname": "CAAUTOMATION-PC",
"macAddress": "00:50:56:9F:FF:54",
"address": "10.113.197.104",
"interfaceName": "Intel(R) PRO/1000 MT Network Connection"
}
],
"lastCheckedIn": "2018-07-12T15:07:23.000Z",
"created": 1531195694000,
"hostId": null,
"operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
"tags": [
"8072536",
"7895614",
"7655820",
"7650412"
],
"assetType": "HOST",
"system": {
"lastBoot": "2018-06-14T16:29:03.000Z"
},
"ec2": null,
"lastLoggedOnUser": ".\\Administrator",
"netbiosName": "CAAUTOMATION-PC",
"name": "IOC-104",
"agentVersion": "2.0.6.1",
"updated": 1531408044017
},
"class": "Disk"
}
}
]
API Request
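# Search ignored FIM events using the reputationStatus filter held in request.json.
# Replace <qualys_base_url> and <token> with your platform URL and authorization token.
# The placeholder URL is quoted so the shell does not treat "<" and ">" as redirections,
# and each line ends in a backslash so the command is read as a single invocation.
# Keep the bearer token out of shell history and shared scripts; treat it as a secret.
curl -X POST "<qualys_base_url>/fim/v2/events/ignore/search" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json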
Contents of request.json:
{
"pageSize": 100,
"filter": "reputationStatus: MALICIOUS"
}
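Response (sample; note that this event shows "reputationStatus": "KNOWN" although the request filters on MALICIOUS, and it is not wrapped in the array and "data" object used by the other sample responses)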
{
"dateTime": "2021-01-19T07:09:07.116+0000",
"fullPath": "\\Device\\HarddiskVolume2\\FIM\\ProdCerts",
"severity": 3,
"profiles": [
{
"name": "Bug_Test_Profile",
"rules": [
{
"severity": 3,
"description": "",
"id": "c9a0d542-2d00-4a34-8ffd-b07a4826739a",
"type": "directory"
}
],
"id": "f214c35a-441e-450a-b817-2f162add6854",
"type": "WINDOWS",
"category": {
"name": "PCI",
"id": "f589a105-0100-3dbb-a007-556fae7afea5"
}
}
],
"type": "Directory",
"changedAttributes": null,
"platform": "WINDOWS",
"oldContent": null,
"actor": {
"process": "Explorer.EXE",
"processID": 312,
"imagePath": "\\Device\\HarddiskVolume2\\Windows\\Explorer.EXE",
"userName": "CAAUTOMATION-PC\\Administrator",
"userID": "S-1-5-21-3436480518-4193688097-2835352598-500"
},
"newContent": null,
"ignoreDate": "2021-01-19",
"customerId": "58b888be-a90f-e3be-838d-88877aee572b",
"name": "ProdCerts",
"action": "Create",
"id": "5ca3af2b-991d-3154-acce-6ebbad2a6cc1",
"asset": {
"agentId": "b1362e7f-a29c-4226-a9a2-f91747f7e009",
"interfaces": [
{
"hostname": "CAAUTOMATION-PC",
"macAddress": "00:50:56:9F:FF:54",
"address": "10.113.197.104",
"interfaceName": "Intel(R) PRO/1000 MT Network Connection"
}
],
"lastCheckedIn": "2021-01-19T07:02:08.000Z",
"created": 1529071987000,
"hostId": null,
"operatingSystem": "Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601",
"tags": [
"7895614",
"7655820",
"7650412",
"8072536"
],
"assetType": "HOST",
"system": {
"lastBoot": "2018-06-14T16:29:03.000Z"
},
"ec2": null,
"lastLoggedOnUser": ".\\Administrator",
"netbiosName": "CAAUTOMATION-PC",
"name": "CAAUTOMATION-PC",
"agentVersion": "2.0.6.1",
"updated": 1529391745750
},
"class": "Disk",
"fileContentHash": "50dc26047f5572a38aa7adb4e9b140dc301ea41d1f4bed5095a1ed7fc1d03fbc",
"reputationStatus": "KNOWN",
"fileCertificateHash": [
"d12bed1761e1b2c244db23cebe4185c2b0839eee",
"7ade32c9b68b944bf291d1fcc59faef061a6d2f2"
],
"trustStatus": "TRUSTED"
}
API Request
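# Search ignored FIM events using the registryKey.name filter held in request.json.
# Replace <qualys_base_url> and <token> with your platform URL and authorization token.
# The URL's double quote is closed before the options; left open, it would swallow the
# -H and -d arguments into the URL string.
# Keep the bearer token out of shell history and shared scripts; treat it as a secret.
curl -X POST "<qualys_base_url>/fim/v2/events/ignore/search" \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json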
Contents of request.json:
{
"pageSize": 100,
"filter": "registryKey.name: Data"
}
Response
[
{
"sortValues": [],
"data": {
"dateTime": "2021-03-05T11:28:36.455+0000",
"fullPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Data",
"type": "Value",
"platform": "WINDOWS",
"oldContent": null,
"newContent": null,
"customerId": "00XXXX-643f-f4af-8336-b253066XXXX",
"action": "Content",
"id": "e115XXXX-af72-37b5-8f92-9e878bbbba53",
"severity": 3,
"fileCertificateHash": null,
"profiles": [
{
"name": "Profile Name",
"rules": [
{
"severity": 3,
"number": 1,
"name": "Rule 1",
"description": "Rule 1",
"section": null,
"id": "4282XXXX-cc33-49d8-82df-53a00e27XXXX",
"type": "key"
}
],
"id": "f99941de-2296-4044-bfca-05aeb4575ef5",
"type": "WINDOWS",
"category": {
"name": "PCI",
"id": "2dabXXXX-2fdd-11e7-93ae-92361f00XXXX"
}
}
],
"changedAttributes": null,
"processedTime": "2021-03-05T05:37:30.311+0000",
"actor": {
"process": "reg.exe",
"processID": 2811,
"imagePath": "C:\\Windows\\System32\\reg.exe",
"userName": "MSEDGEWIN10\\IEUser",
"userID": "S-1-5-21-3461203602-4096304019-2269080069-1000"
},
"name": null,
"asset": {
"agentId": "7c99XXXX-92fa-4943-91ab-249e341dd10d",
"interfaces": [
{
"hostname": "WIN10-122.WORKGROUP",
"macAddress": "00:50:56:AA:5C:85",
"address": "10.115.98.122",
"interfaceName": "Intel(R) 82574L Gigabit Network Connection"
}
],
"lastCheckedIn": "2019-07-23T11:01:00.000Z",
"created": "2021-01-11T06:40:09.930+0000",
"hostId": null,
"operatingSystem": "Microsoft Windows 10 Pro 10.0.10586 N/A Build 10586",
"tags": [
"7508831",
"7526815",
"7593230"
],
"assetType": "HOST",
"system": {
"lastBoot": "2019-07-23T11:01:00.000Z"
},
"ec2": null,
"lastLoggedOnUser": ".\\Administrator",
"netbiosName": "WIN10-122",
"name": "WIN10-122",
"agentVersion": "3.0.0.101",
"updated": "2021-01-11T06:40:09.930+0000"
},
"ignoreDate": "2021-01-12",
"fileContentHash": null,
"reputationStatus": null,
"registryPath": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"registryName": "Data",
"oldRegistryValueType": "REG_MULTI_SZ",
"oldRegistryValueContent": [
"Multvalue string",
"Multvalue string"
],
"newRegistryValueType": "REG_MULTI_SZ",
"newRegistryValueContent": [
"Multvalue string1",
"Multvalue string2"
],
"class": "Registry"
}
}
]