Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSIEM Discussions
- Fortinet Community
- Community Groups
- FortiSIEM
- Discussions
- Configuring API Data Collection and Integration in...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Configuring API Data Collection and Integration in FortiSIEM
Hello,
I need to set up an hourly data collection process from multiple APIs and ingest the data as events into FortiSIEM as a part of new integration. Could you please help with the following:
- How can users configure data collection (e.g., adding API keys, base URL, etc.) within FortiSIEM?
- How do we write and integrate a custom script for this API data collection in FortiSIEM?
- Which programming language is recommended for writing the script?
- How do we create parsers for processing JSON data returned by the API?
Any insights or resources for this process would be greatly appreciated.
Thanks!
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mshah,
Have a look at this document: https://docs.fortinet.com/document/fortisiem/7.2.5/external-systems-configuration-guide/412973
I think this is what you look for with API-polling.
For the result, you will have to write a parser. There is a self-paced parser training available at training.fortinet.com which really helps understanding how to proceed here.
Best,
Christian
FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hii, @Secusaurus Thanks for your quick answer. I will check the document which you shared and get back to you if I have any doubts for it.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hii @Secusaurus,
Thanks for your response. My use case involves multiple API endpoints that share the same base URL. Based on the documentation you provided, it seems that each endpoint would need to be configured individually. Is there a way to streamline this process so that the user only needs to input the base URL once? Specifically, I’m looking for a way to write a script that takes basic inputs like the base URL, API token, pull interval from fortiSIEM UI from user and automatically parses the API response, storing it as events in FortiSIEM.
Would appreciate any guidance or suggestions!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @mshah,
From my knowledge, there is no option to do multiple requests from one setup. I would solve this with a small webserver in-between (in the segment of the supervisor/workers) that just collects multiple information with that one request, but this obviously is a workaround, not a solution.
Would be a nice feature request, though.
Best,
Christian
FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
Announcements
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
Labels
-
FortiSIEM
166 -
Parsers
7 -
Rules
5 -
ClickHouse
4 -
fortisiem v7.2.0
4 -
FortiSIEM v6.x
4 -
integration
4 -
API
4 -
Agent Linux
3 -
database
3 -
Agent
3 -
FortiSIEM Cloud
3 -
Collector
3 -
External System Integration
3 -
FortiGate
3 -
lookuptables
2 -
FortiAnalyzer
2 -
Source Code
2 -
Collector Agent
2 -
Supervisor
2 -
FortiSiem 7.1
2 -
watchlist
2 -
SAML
2 -
Analytics & Reporting
2 -
GUI
2 -
Incidents
2 -
CMDB
2 -
Redhat 8
1 -
eventdb
1 -
Impact
1 -
"FortiSIEM Incidents"
1 -
Rocky Linux 8
1 -
Oracle Linux 8
1 -
Partnership Inquiry
1 -
lookups
1 -
o
1 -
OPManager
1 -
RBAC
1 -
User Control
1 -
Audit log
1 -
CMMC
1 -
Reference Files
1 -
Hi
1 -
cisco wsa
1 -
Audit
1 -
Report-Rules-Dashboards
1 -
FortiClient
1 -
FortiAuthenticator v5.5
1 -
upgrade
1 -
IPsec
1 -
Migration
1 -
External Connectors
1 -
LDAP
1 -
Report
1 -
Microsoft Office365
1 -
Azure
1 -
Cisco
1 -
discovery
1 -
Reference Material
1 -
Alma Linux 8
1 -
Notifications
1 -
Expressions
1 -
Architecture
1 -
FortiSASE
1 -
Status
1 -
MySQL
1 -
Internet service database
1 -
Dashboard
1 -
Usage
1 -
Certificate
1 -
enrichement
1 -
Windows Defender
1
Top Kudoed Authors
| User | Count |
|---|---|
| 71 | |
| 24 | |
| 15 | |
| 10 | |
| 10 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.