Events, Incidents, and Rules in FIM

With FIM, you receive real-time updates about detected anomalous activities. Each update carries granular who-what-when-where details about the changes occurring within the scope of your monitored area. Events can be expected and authorized, or unexpected and malicious. With alerts and notifications, you can make sure that no unauthorized change goes unnoticed and eventually leads to a security hazard.

With the flexibility to create correlation rules that group similar events together and alert authorized users when an incident occurs, you stay in control of the security and integrity of your data. Qualys FIM supports this with ready-to-use queries for alert rules in its library. You can use the predefined set of queries in the Qualys FIM Library to create alert rules or correlation rules. Correlation rules group similar events of interest and then send notifications for them.

Qualys Data Retention Policy

As per the Qualys data retention policy, the system maintains only 15 months of data in records. Data older than 15 months is purged from the system and is no longer accessible. This policy applies to FIM Events and Incidents.

Events

The system displays only the last 15 months of events data from the current date. An error message is displayed if you attempt to search events older than 15 months.

Example:

  • Scenario 1: If you select a date range from 19th December 2021 (start date) to 19th December 2024 (end/current date), the system displays data from the last 15 months, precisely from 19th September 2023 to 19th December 2024.
  • Scenario 2: If you select an end date older than 15 months (such as from 20th September 2020 to 20th December 2022), the system shows an error.

Incidents

The system displays only the last 15 months of incidents data from the current date. If you attempt to search for incidents created more than 15 months ago, an error message is displayed.

Example:

If today is May 29, 2025, you can only see incidents created after February 29, 2024. Incidents created before February 29, 2024 are purged from the system.
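
The 15-month window described under Events and Incidents, as a client-side pre-check you could run before searching or scheduling an export of data that is about to age out. This is an added example, not Qualys code: the function names and the month-end clamping rule are assumptions, and the dates in the usage are the ones from the scenarios above.

```python
import calendar
from datetime import date

RETENTION_MONTHS = 15  # retention period stated in the policy above


def retention_cutoff(today: date, months: int = RETENTION_MONTHS) -> date:
    """Oldest date still retained: `today` minus `months` calendar months."""
    index = today.year * 12 + (today.month - 1) - months
    year, month = divmod(index, 12)
    month += 1
    # Assumption: a day missing from the target month (e.g. the 31st)
    # is clamped to that month's last day.
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(today.day, last_day))


def effective_window(start: date, end: date, today: date) -> tuple[date, date]:
    """Return the (start, end) range that can actually hold data.

    Raises ValueError when the whole range is older than the retention
    period, mirroring the error the documentation describes.
    """
    if start > end:
        raise ValueError("start date is after end date")
    cutoff = retention_cutoff(today)
    if end < cutoff:
        raise ValueError(f"range ends before retention cutoff {cutoff.isoformat()}")
    # A start date older than the cutoff is narrowed, as in Scenario 1.
    return max(start, cutoff), min(end, today)


if __name__ == "__main__":
    today = date(2024, 12, 19)
    # Scenario 1: the requested range is narrowed to the last 15 months.
    print(effective_window(date(2021, 12, 19), today, today))
    # Scenario 2: the range ends before the cutoff, so the search is rejected.
    try:
        effective_window(date(2020, 9, 20), date(2022, 12, 20), today)
    except ValueError as err:
        print("error:", err)
```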
