File Integrity Monitoring Release 4.7 API
June 11, 2025
Before understanding the API release highlights, learn more about the API server URL to be used in your API requests by referring to the Know Your Qualys API Server URL section. For this API Release Notes, <qualys_base_url> is mentioned in the sample API requests.
Qualys Data Retention Policy in FIM APIs
To comply with the Qualys data retention policy, the FIM Incident APIs response now only includes incidents created within the last 15 months from the current date. An error response is received if you request data older than 15 months.
This change does not affect the API request body.
The FIM Incident APIs affected by the data retention policy are listed below.
| API | Endpoint |
|---|---|
| Fetch Incident Count API | /fim/v2/incidents/count |
| Approve Incidents API | /fim/v3/incidents/{incidentId}/approve |
| Fetch Incidents API | /fim/v3/incidents/search |
| Get Event Count for an Incident API | /fim/v2/incidents/{incidentId}/events/count |
| Fetch Events for an Incident API | /fim/v2/incidents/{incidentId}/events/search |
For more information on the above APIs, refer to FIM API User Guide.
Examples
Fetching Incidents Older Than 15 Months:
If you attempt to fetch an incident created more than 15 months ago by providing the filterToDate filter in the request, the response indicates that there are no incidents within the last 15 months and returns a blank array.
See the sample below where the end date ('2024-02-1T18:29:59.999Z') in the filterToDate filter is older than 15 months from the current date. As a result, the response is an blank array.
Sample: Fetching an Incident created 15 months agoSample: Fetching an Incident created 15 months ago
API Request
curl -X POST
'<qualys_base_url>/fim/v3/incidents/search'
--header 'Authorization: Bearer <authToken>'
--header 'Content-Type: application/json'
--data-raw '{
"filter": "filterToDate:['2023-09-09T18:30:00.000Z'..'2024-02-1T18:29:59.999Z']"
}'
Response
[]
Fetching Events Within an Incident:
If you attempt to fetch events or the event count for an incident using a timestamp filter such as processedTime and dateTime and the events within the incident are older than 15 months, the response will indicate that no events are available within the last 15 months and the count is 0.
See the sample below where the end date ('2024-02-1T18:29:59.999Z') in the processedTime filter is older than 15 months from the current date. As a result, the event count in the response is 0.
API Request
curl -X POST '<qualys_base_url>/fim/v2/incidents/{incidentId}/events/count' --header 'Authorization: Bearer <authToken>' --header 'Content-Type: application/json' --data-raw '{ "filter":"processedTime:['2023-09-09T18:30:00.000Z'..'2024-02-1T18:29:59.999Z']"}'
Response
{
"count": 0
}