Raw Data

Follow the steps below to see the raw data.

  1. Go to the Log Activity tab >Advance Search field.
  2. In the Advance Search field, post the sample AQL below.

    For more AQLs, please check the Troubleshooting section in this guide.

     As per IBM QRadar's upgrade to QRadar® 7.4.3, some Custom Event Properties are renamed and merged with default custom properties. Refer to Alias properties created for custom properties.

    Use the following query if your QRadar version is 7.4.3 and above QRadar family:

    SELECT "User ID" , "Source Hostname" , "Asset Name" , "Event UUID" ,"Event Alert" , "Severity Level" , "Process Name" , "Process Id" ,"Absolute File Path" from events WHERE LOGSOURCENAME(logsourceid) ='QualysFimMultiline'

    Use the following query if your QRadar version is 7.3.3 QRadar family:

    SELECT "User ID" , "Source Host Name" , "Asset Name" , "Event UUID" ,"Event Alert" , "Severity Level" , "Process Name" , "Process Id" ,
    "Absolute File Path" from events WHERE LOGSOURCENAME(logsourceid) ='QualysFimMultiline'

  3. Select the date range for which you want to see the data.

  4. Click Search.

Depending on the results, you can change the date-time range to widen or shorten your search span. You can also execute your own AQL queries to find more appropriate data. Refer to fields in Qualys FIM JSON or Qualys FIM INCIDENTS log source type of DSM Editor to know the Qualys fields.

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy.