# FortiAnalyzer

FortiAnalyzer is a network security analytics and reporting tool that provides deep insight into log data, helping organizations manage security events efficiently. It aggregates log data from Fortinet devices and other syslog-compatible devices. The FortiAnalyzer connector for Swimlane Turbine enables automated fetching of alert events and log search capabilities, enhancing the monitoring and analysis of security alerts. By integrating with FortiAnalyzer, Swimlane Turbine users can streamline their security operations, use detailed insights for threat detection, and conduct efficient incident investigations without manual intervention.

## Prerequisites

To use the FortiAnalyzer connector within Swimlane Turbine, ensure you have the following:

- Custom authentication with the following parameters:
  - URL: the endpoint URL for the FortiAnalyzer API
  - JSON-RPC: the version of the JSON-RPC protocol used by FortiAnalyzer
  - Username: the username for authenticating with FortiAnalyzer
  - Password: the password associated with the provided username

## Capabilities

This connector provides the following capabilities:

- Get Alerts
- Search Logs

## Configurations

### FortiAnalyzer API Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| JSON-RPC | JSON remote procedure call version | string | Required |
| Username | Username | string | Required |
| Password | Password | string | Required |
| Verify SSL | Verify the SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Get Alerts

Fetches alert events from FortiAnalyzer, allowing for monitoring and analysis of security alerts.

Endpoint URL: /eventmgmt/alerts
Method: GET

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Optional | An identifier established by the client |
| jsonrpc | string | Optional | A string specifying the JSON-RPC protocol version |
| method | string | Optional | A string containing the method name to be invoked |
| params | array | Optional | Parameters for Get Alerts |
| params.apiver | number | Required | Current API version |
| params.filter | string | Optional | Filter expression. 'event value', 'severity', 'trigger name', 'count', 'comment' and 'flags' are supported, e.g. trigger name='local device event' and severity >= 3 |
| params.limit | number | Optional | The maximum number of records to get (min 1, max 2000) |
| params.offset | number | Optional | Offset of records to get |
| params.time-range | object | Optional | Time range for data selection |
| params.time-range.end | string | Required | Ending date/time. If no timezone information is given within the value, it is interpreted in the timezone parameter's, the ADOM's or FortiAnalyzer's timezone. Format: 'yyyy-mm-dd'T'hh:mm:ssZ' (RFC 3339), e.g. '2016-10-17T20:45:37-07:00', or 'yyyy-mm-dd hh:mm:ss', e.g. '2016-10-17 20:45:37' |
| params.time-range.start | string | Required | Starting date/time. If no timezone information is given within the value, it is interpreted in the timezone parameter's, the ADOM's or FortiAnalyzer's timezone. Format: 'yyyy-mm-dd'T'hh:mm:ssZ' (RFC 3339), e.g. '2016-10-17T20:45:37-07:00', or 'yyyy-mm-dd hh:mm:ss', e.g. '2016-10-17 20:45:37' |
| params.timezone | string | Optional | The timezone index or name. The time range in the request and any date/time in the response follow this timezone |
| params.url | string | Required | The resource path to alert events, e.g. /eventmgmt/adom/<adom>/alerts |
| session | string | Optional | The cookie of an active session in FortiAnalyzer |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "content-length": "140",
      "content-type": "application/json",
      "date": "Thu, 2 May 2024 20:37:23 GMT"
    },
    "reason": "OK",
    "json_body": {}
  }
]
```

### Search Logs

Initiates a task to search logs in FortiAnalyzer with the specified parameters. A 'params' JSON body input is required.

Endpoint URL: /logview/logsearch
Method: POST

Input:

| Argument | Type | Required | Description |
| --- | --- | --- | --- |
| id | string | Optional | An identifier established by the client |
| jsonrpc | string | Optional | A string specifying the JSON-RPC protocol version |
| method | string | Optional | A string containing the method name to be invoked |
| params | array | Required | A structure that holds the parameter values |
| params.apiver | number | Required | Current API version |
| params.case-sensitive | boolean | Optional | Case sensitivity of the filter |
| params.device | array | Required | Device filter. For all devices of a given type, use the all-device ID |
| params.device.csfname | string | Optional | Name of the Security Fabric. Format: csfname, e.g. 'Corp SF' |
| params.device.devid | string | Optional | Format: devid[vdom], e.g. 'FGT60C0000000001[root]' |
| params.device.devname | string | Optional | Format: devname[vdom], e.g. 'FGT-Vancouver[traffic]' |
| params.filter | string | Optional | Filter expression |
| params.logtype | string | Required | The name of the log type |
| params.time-order | string | Optional | Sort the result in descending or ascending order by time |
| params.time-range | object | Required | Time range for log selection |
| params.time-range.end | string | Required | Ending date/time. If no timezone information is given within the value, it is interpreted in the timezone parameter's, the ADOM's or FortiAnalyzer's timezone. Format: 'yyyy-mm-dd'T'hh:mm:ssZ' (RFC 3339), e.g. '2016-10-17T20:45:37-07:00', or 'yyyy-mm-dd hh:mm:ss', e.g. '2016-10-17 20:45:37' |
| params.time-range.start | string | Required | Starting date/time. If no timezone information is given within the value, it is interpreted in the timezone parameter's, the ADOM's or FortiAnalyzer's timezone. Format: 'yyyy-mm-dd'T'hh:mm:ssZ' (RFC 3339), e.g. '2016-10-17T20:45:37-07:00', or 'yyyy-mm-dd hh:mm:ss', e.g. '2016-10-17 20:45:37' |
| params.timezone | string | Optional | The timezone index or name. The time range in the request and any date/time in the response follow this timezone |
| params.url | string | Required | The resource path to log search |
| session | string | Optional | The cookie of an active session in FortiAnalyzer |

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| jsonrpc | string | Output field jsonrpc |
| result | object | Result of the operation |
| result.tid | number | Unique identifier of the search task |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {},
    "reason": "OK",
    "json_body": {
      "id": "string",
      "jsonrpc": "2.0",
      "result": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Content-Length | The length of the response body in bytes | 140 |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 2 May 2024 20:37:23 GMT |

## Notes

To access the FortiAnalyzer API documentation for the connector, see https://fndn.fortinet.net/index.php?/fortiapi/175-fortianalyzer/4091/175/logview/
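The request envelopes the two actions send, as an added example that is not part of the connector documentation or Swimlane's own code: it builds the JSON-RPC bodies for Get Alerts and Search Logs, enforces the documented limit bounds and time-range formats before anything leaves the playbook, and pulls the task id out of a Search Logs response. The JSON-RPC method names ('get', 'add'), apiver 3, the ADOM-scoped log search path and the 'All_FortiGate' all-device id are assumptions, not values from this page.

```python
import re

# time-range start/end must be RFC 3339 ('2016-10-17T20:45:37-07:00') or 'yyyy-mm-dd hh:mm:ss'
_TIME_RE = re.compile(r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}(Z|[+-]\d{2}:\d{2})| \d{2}:\d{2}:\d{2})$")

def validate_time_range(time_range):
    """Reject a time-range whose start or end is not in one of the documented formats."""
    for key in ("start", "end"):
        value = time_range.get(key)
        if not isinstance(value, str) or not _TIME_RE.match(value):
            raise ValueError(f"time-range.{key} must be RFC 3339 or 'yyyy-mm-dd hh:mm:ss', got {value!r}")
    return time_range

def _envelope(method, params, session, req_id):
    """JSON-RPC 2.0 envelope; FortiAnalyzer takes params as a one-element array."""
    body = {"id": req_id, "jsonrpc": "2.0", "method": method, "params": [params]}
    if session:  # cookie of an active session; omitted when not yet authenticated
        body["session"] = session
    return body

def build_get_alerts(adom, time_range, session, apiver=3, filter_expr=None,
                     limit=100, offset=0, req_id=1):
    """Body for the Get Alerts action (JSON-RPC method 'get' and apiver 3 are assumed)."""
    if not 1 <= limit <= 2000:  # documented bounds: min 1, max 2000
        raise ValueError("limit must be between 1 and 2000")
    params = {"apiver": apiver, "url": f"/eventmgmt/adom/{adom}/alerts", "limit": limit,
              "offset": offset, "time-range": validate_time_range(time_range)}
    if filter_expr:
        params["filter"] = filter_expr
    return _envelope("get", params, session, req_id)

def build_search_logs(adom, logtype, time_range, session, device=None, apiver=3,
                      filter_expr=None, time_order="desc", case_sensitive=False, req_id=2):
    """Body for Search Logs (method 'add', ADOM-scoped path and 'All_FortiGate' id are assumed)."""
    params = {"apiver": apiver, "url": f"/logview/adom/{adom}/logsearch", "logtype": logtype,
              "device": device or [{"devid": "All_FortiGate"}], "time-order": time_order,
              "case-sensitive": case_sensitive, "time-range": validate_time_range(time_range)}
    if filter_expr:
        params["filter"] = filter_expr
    return _envelope("add", params, session, req_id)

def search_task_id(response):
    """Return the task id (tid) from a Search Logs response; fail on non-200 or missing tid."""
    if response.get("status_code") != 200:
        raise RuntimeError(f"log search failed: {response.get('status_code')} {response.get('reason')}")
    result = (response.get("json_body") or {}).get("result") or {}
    if "tid" not in result:
        raise RuntimeError(f"no tid in response: {response.get('json_body')!r}")
    return int(result["tid"])
```

The returned tid is what a follow-up poll for search results keys on, so failing loudly when it is absent keeps a playbook from silently looping on an empty result.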