File Integrity Monitoring Release 4.6 API
May 05, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
JWT Token Generation
You can generate the JWT access token by providing the client ID and client secret key in the following API request headers.
For more information on client ID and client secret key, refer to Support for Auth ID Client Management from UI.
JWT Access Token RequestJWT Access Token Request
API Request
curl -X POST
'<qualys_base_url>/auth/oidc'
--header 'clientSecret: wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
--header 'clientId: 123e4567-e89b-12d3-a456-426614174000'
--data-raw ''Response
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiJjbGllbnQxMjM0NTYiLCJzYwZXM
iOlsiYXBpLnJlYWQiLCJhcGkud3JpdGUiXSwi
aXNzIjoiaHR0cHM6Ly9kdW1teS1hdXRoLmNvb
SIsImV4cCI6MTcwMDAwMDAwMH0.SdXn3I6yTb-
JNk9LPjR8W9xAtH7dN3Mqf3HdJ5WnRfE
Once the JWT access token is successfully generated, you can use it to authenticate your API requests. Include the token in the Authorization header of API requests.
The system validates the JWT token and authorize the request based on the user's permissions. See the below example, where a user with API access calls an API to fetch FIM incidents.
Example API: Fetch IncidentsExample API: Fetch Incidents
API Request
curl -X POST
'<qualys_base_url>/fim/v3/incidents/search'
--header 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6Ik.......'
--header 'Content-Type: application/json'
--data-raw '{
"filter": "status:CLOSED",
"sort": [
{
"dateTime": "desc"
}
]
}'
Response
[
{
"sortValues": [
1728882000000
],
"data": {
"slaDurationKey": null,
"approvalDate": "2024-10-15T05:14:14.888+0000",
"approvalType": "MANUAL",
"markupStatus": "COMPLETED",
"type": "AUTOMATED",
"slaViolationDate": null,
"filterFromDate": "2024-10-14T05:00:00.000+0000",
"customerId": "25a14e60-80c1-4c25-8166-6653a4e2b094",
"ruleName": "test_4April",
"id": "486c1675-c752-4f5e-b34d-4b63774d252d",
"ruleId": "23db69b0-0876-48a2-bdf5-058913585bbb",
"approvalStatus": "APPROVED",
"marked": true,
"lastUpdatedBy": {
"date": 1728890505670,
"user": {
"name": "FIM Automation",
"id": "51fbdb4b-5fb5-fdf6-8141-5a7887ec557b"
}
},
"filterToDate": "2024-10-14T21:29:00.000+0000",
"assignDate": "2024-10-14T06:07:12.894+0000",
"changeType": "MANUAL",
"filters":
[
"dateTime: ['2024-10-14T05:00:00.000Z'..'
2024-10-14T21:29:00.000Z'] and (action:Create )"
],
"reviewedBy": {
"date": 1728969254876,
"user": {
"name": "FIM Automation",
"id": "51fbdb4b-5fb5-fdf6-8141-5a7887ec557b"
}
},
"reviewers": [
"john_doe",
"johndoe",
"johnsmith@qualys.com"
],
"slaDurationValue": 0,
"deleted": false,
"createdBy": {
"date": 1728886032875,
"user": {
"name": "FIM Automation",
"id": "51fbdb4b-5fb5-fdf6-8141-5a7887ec557b"
}
},
"slaRequired": false,
"name": "test_4April-20241014-060712",
"comment": "Events under this incident have been reviewed ",
"dispositionCategory": "PATCHING",
"status": "CLOSED"
}
}
]