This article describes how to easily make a query via the API for an Organization in FortiSIEM. Instead of creating the query XML file manually, it is possible to create it automatically.
1) Connect to the Supervisor CLI as the root user and type:
Take note of the latest directory.
2) Go to the Analytics tab and run the query that is to be made via the API.
3) On the Supervisor CLI, in the same directory as before, notice that one new directory has been created.
4) Once query.xml is obtained, copy it and keep it for the next step. Also, download the zip with the API examples from the official documentation:
It is possible to use the getQueryResultsByOrg.py script in the 'events' directory, with query.xml as input:
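As an added example (not from the original article or from Fortinet), the following shell helper automates steps 1 to 3: it records the subdirectories present before the query is run in Analytics, then reports any query.xml found in a directory created afterwards. The directory path is passed as an argument because the article does not show it; the function names and the script name are hypothetical, and it is assumed that query.xml sits directly inside the new directory.

```shell
#!/bin/sh
# Added example; not part of the FortiSIEM product or its API samples.
# The directory to watch is an argument: the article does not show its path.

# snapshot_dirs DIR: print the names of DIR's immediate subdirectories, sorted.
snapshot_dirs() {
    for p in "$1"/*/; do
        if [ -d "$p" ]; then basename "$p"; fi
    done | sort
}

# find_new_query DIR BEFORE_FILE: print the path of each query.xml located in a
# subdirectory of DIR that is not listed in BEFORE_FILE.
# Assumption: query.xml sits directly inside the newly created directory.
# Returns 0 if at least one was found, 1 if none, 2 if temp files fail.
find_new_query() {
    after=$(mktemp) || return 2
    fresh=$(mktemp) || { rm -f "$after"; return 2; }
    snapshot_dirs "$1" > "$after"
    comm -13 "$2" "$after" > "$fresh"   # names only in the newer snapshot
    status=1
    while IFS= read -r name; do
        if [ -f "$1/$name/query.xml" ]; then
            printf '%s\n' "$1/$name/query.xml"
            status=0
        fi
    done < "$fresh"
    rm -f "$after" "$fresh"
    return "$status"
}

# Usage (newquery.sh is a hypothetical file name for this script):
#   sh newquery.sh snapshot DIR BEFORE_FILE   # step 1, before running the query
#   sh newquery.sh find DIR BEFORE_FILE       # step 3, after running the query
case "${1:-}" in
    snapshot) snapshot_dirs "$2" > "$3" ;;
    find)     find_new_query "$2" "$3" ;;
esac
```

Since query.xml reflects whatever was last run in the Analytics tab, review the printed file before passing it to the API script.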
Copyright 2023 Fortinet, Inc. All Rights Reserved.