Help
FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
dhamadi
Staff
Staff

Created on ‎08-31-2024 04:51 AM Edited on ‎09-03-2024 05:39 AM By Moderator

Article Id 337904

Technical Tip: Retrieving the file hash from FortiEDR events by using Rest-API

Description This article describes how to retrieve the hash of a process by using Rest-API.
Scope FortiEDR version 5 and above.
Solution

The hash of the process can be viewed from the investigation view:

 

HashFile_eventview.png

 

Some users will be required to get this value via Rest-API for automation and speed-up analysis.

The hash of the process is contained in the Raw Data JSON item. The procedure to get this data is shown below.

 

Recommended Rest-API software tool:

Postman

 

  1. The API call to get the event ID:

https://abc.test.com/management-rest/events/list-events?organization=demo

 

eventID.png

 

  1. Use the event ID to get the Raw event IDs.

    https://abc.test.com/management-rest/events/list-raw-data-items?organization=demo&eventId=764802

     

    RaweventID.png

     

     

  2. The API call to export the raw data items Json which contains the hash:

    https://abc.test.com/management-rest/events/export-raw-data-items-json?organization=demo&rawItemIds=...

     

    Hashfile_API.png

     

Related articles:

Technical Tip: Retrieving Files from Collectors by using Rest-API

Technical Tip: Tips and Tricks with Rest API and Postman 
319
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.