Technical Tip: Information about FortiGuard API with 3rd party SIEM

Assume that the following topology is configured. The SIEM will have the API URL configured to communicate with FortiGuard.

FortiGuard <-> API <-> SIEM.

The following information will be useful for the user:

• The feed refresh interval is 3h, no limits.
• The expected response when no new data is available should be 'empty response'.
• A 404 response could be related to network issues.
• There is no limitation once token is generated, it can be used multiple times.