Use this API to get the number of events logged for an incident.
Parameter | Mandatory/Optional | Data Type | Description |
---|---|---|---|
incidentId | Mandatory | String | ID of the incident you want to fetch the events for. |
filter | Optional | String | Filter the incidents list by providing a query using Qualys syntax. Refer to the “How to Search” topic in the online help for assistance with creating your query. For example - dateTime:['2019-02-25T18:30:00.000Z'..'2019-02-26T18:29:59.999Z'] AND status:`OPEN` |
groupBy | Optional | String | Group results based on certain parameters (provide comma separated list). For example - action |
limit | Optional | String | Limit the number of rows fetched by the groupBy function. |
sort | Optional | String | Sort the results using a Qualys token. For example - [{\"name\":\"asc\"}] |
interval | Optional | String | GroupBy interval for date fields. Valid values are y(year), q(quarter), M(month), w(week), d(day), h(hour), m(minute), s(second). For example - 1d. An interval lower than a second is not supported. Value for each interval period should be 1. For example, you can specify an interval of 1y, 1M, 1w, and so on, but not 2y, 3M, etc. |
Authorization | Mandatory | String | Authorization token to authenticate to the Qualys Cloud Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken |
API Request

```bash
curl -X POST \
  <qualys_base_url>/fim/v2/incidents/{incidentId}/events/count \
  -H 'authorization: Bearer <token>' \
  -H 'content-type: application/json' \
  -d @request.json
```
Contents of request.json

```json
{
  "groupBy": [
    "action",
    "dateTime"
  ],
  "limit": 2
}
```
Response

```json
{
  "Delete": {
    "2019-01-01T00:00:00.000Z": 1551
  },
  "Attributes": {
    "2019-01-01T00:00:00.000Z": 1159
  }
}
```
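
The following is an added example, not Qualys code: a small Python client helper that enforces the interval and Authorization rules from the parameter table before the request is sent, and flattens the nested groupBy response into rows. The function names are hypothetical, the caller supplies the base URL, and sending `filter` and `interval` in the JSON body alongside `groupBy` is an assumption.

```python
import json
import re
from urllib.parse import quote
from urllib.request import Request

# Interval rule from the parameter table: the period value must be 1 and the
# unit one of y, q, M, w, d, h, m, s (case-sensitive: M is month, m is minute).
_INTERVAL = re.compile(r"1[yqMwdhms]")


def build_count_request(base_url, incident_id, token, group_by=None,
                        limit=None, interval=None, filter_query=None):
    """Return an unsent urllib Request for the incident event-count call."""
    if not incident_id:
        raise ValueError("incidentId is mandatory")
    if not token or token != token.strip() or any(c in token for c in "\r\n"):
        raise ValueError("token is mandatory and must not carry whitespace")
    if interval is not None and not _INTERVAL.fullmatch(interval):
        raise ValueError("interval must be 1 followed by one of y q M w d h m s")
    body = {}
    if group_by:
        body["groupBy"] = list(group_by)
    if limit is not None:
        body["limit"] = limit
    if interval is not None:
        body["interval"] = interval      # assumption: sent in the JSON body
    if filter_query:
        body["filter"] = filter_query    # assumption: sent in the JSON body
    # Percent-encode the ID so it cannot change the request path.
    url = "%s/fim/v2/incidents/%s/events/count" % (
        base_url.rstrip("/"), quote(incident_id, safe=""))
    headers = {"Authorization": "Bearer " + token,
               "Content-Type": "application/json"}
    return Request(url, data=json.dumps(body).encode(), headers=headers,
                   method="POST")


def flatten_counts(response, path=()):
    """Turn the nested groupBy response into (key, ..., count) rows."""
    rows = []
    for key, value in response.items():
        if isinstance(value, dict):
            rows.extend(flatten_counts(value, path + (key,)))
        else:
            rows.append(path + (key, value))
    return rows
```

Pass the returned object to `urllib.request.urlopen` to send it, then feed the decoded JSON to `flatten_counts` for export to a report or SIEM.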