
Cyware Orchestrate

Fortinet SIEM

App Vendor: Fortinet

App Category: Analytics & SIEM

Connector Version: 2.1.0

API Version: 6.3.2

About App

The Fortinet SIEM app integrates with FortiSIEM, Fortinet's multi-vendor security information and event management (SIEM) solution.

The Fortinet SIEM app is configured with the Orchestrate application to perform the following actions:

Get the List of Monitored Devices and Attributes
  Retrieves the list of monitored devices and their attributes in enterprise and service provider deployments.

Get Short Description of All Devices in an Address Range
  Retrieves a short description of every device in an IP address range in enterprise deployments.

Get Information about a Device
  Retrieves the full information held for a device in enterprise deployments.

Get Agent Status for a Host
  Retrieves the status of the Linux and Windows agents on a host.

Get a List of Incidents
  Retrieves a list of incidents from the FortiSIEM database for a time window, optionally filtered by incident ID and status.

Fetch Trigger Events
  Retrieves the events that triggered an incident.

Update Incident
  Updates the ticket status of an incident.

Fetch Incident with Status
  Retrieves the incidents in a time window that have the specified status values.

Pulling State of Requested Query
  Polls the state of a query previously submitted to the FortiSIEM event and report API.

Result of Request Query
  Retrieves the results of a completed event and report API query, paged with an offset and a limit.

Submit Request of Query
  Submits a query to the FortiSIEM event and report API.

Get Details of Incident
  Retrieves the details of a single incident from FortiSIEM.

Configuration Parameters

The following configuration parameters are required for the Fortinet SIEM app to communicate with the FortiSIEM enterprise application. Configure them by creating an instance of the app.

Base URL (Text, Required)
  Enter the base URL used to reach FortiSIEM.
  Example: "https://forti.domain.corp"

Username (Text, Required)
  Enter the username of the FortiSIEM account the app authenticates with.

Password (Text, Required)
  Enter the password for that account.

Use a dedicated FortiSIEM account for the integration and grant it only the privileges the actions you use need: the lookup and query actions are read-only, and only Update Incident writes to FortiSIEM. Keep the Base URL on HTTPS, as in the example, so the username and password are not sent in the clear.

Action: Get List of Monitored Devices and Attributes

This action retrieves the list of monitored devices and attributes in enterprise and service provider deployments.

Action Input Parameters

This action does not require any input parameters.

 
Action: Get Short Description of All Devices in an Address Range

This action retrieves a short description of all the devices in an address range in enterprise deployments.

Action Input Parameters

Include IPs (Text, Required)
  Enter the IP address range to include, written as start-end.
  Example: 192.168.20.1-192.168.20.100

Exclude IPs (Text, Optional)
  Enter the IPs to exclude from that range, comma-separated.
  Example: 192.168.20.20,192.168.20.25
  Comment: To get all devices in the range 192.168.20.1-192.168.20.100 except 192.168.20.20 and 192.168.20.25, set Include IPs to 192.168.20.1-192.168.20.100 and Exclude IPs to 192.168.20.20,192.168.20.25.
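The following is an added example (it is not part of the Cyware Orchestrate app or of FortiSIEM) that expands the Include IPs and Exclude IPs values above into the concrete set of addresses that will be queried, so a playbook can check the scope before the action is dispatched. It generalises the two forms the page shows: both fields accept a comma-separated mix of single addresses and start-end ranges. An exclusion that falls outside the include range is rejected, since that is almost always a typo rather than an intent.

```python
"""Expand Include IPs / Exclude IPs into an explicit address list.

Added example, not the app's own code. Both fields accept a comma-separated
mix of single IPv4 addresses and start-end ranges (an assumed generalisation
of the single range and the comma list shown on the page).
"""
import ipaddress
from typing import List, Set


def _parse_item(item: str) -> Set[ipaddress.IPv4Address]:
    """Parse one item: a single address or a 'start-end' range."""
    item = item.strip()
    if not item:
        return set()
    if "-" in item:
        start_s, end_s = (p.strip() for p in item.split("-", 1))
        start, end = ipaddress.IPv4Address(start_s), ipaddress.IPv4Address(end_s)
        if end < start:
            raise ValueError(f"range end precedes start: {item}")
        # summarize_address_range yields the CIDR blocks that cover exactly
        # [start, end]; iterating a block yields every address in it.
        return {
            addr
            for net in ipaddress.summarize_address_range(start, end)
            for addr in net
        }
    return {ipaddress.IPv4Address(item)}


def parse_ip_spec(spec: str) -> Set[ipaddress.IPv4Address]:
    """Parse a comma-separated list of addresses and ranges."""
    result: Set[ipaddress.IPv4Address] = set()
    for item in spec.split(","):
        result |= _parse_item(item)
    return result


def resolve_scope(include_ips: str, exclude_ips: str = "") -> List[str]:
    """Return the sorted addresses covered by include_ips minus exclude_ips.

    With the page's values (include 192.168.20.1-192.168.20.100, exclude
    192.168.20.20,192.168.20.25) this leaves 98 hosts.
    """
    included = parse_ip_spec(include_ips)
    excluded = parse_ip_spec(exclude_ips) if exclude_ips.strip() else set()
    stray = excluded - included
    if stray:
        # Design choice: refuse exclusions outside the include range instead
        # of silently ignoring them.
        raise ValueError(
            f"exclusions not inside include range: {sorted(map(str, stray))}"
        )
    return [str(ip) for ip in sorted(included - excluded)]


if __name__ == "__main__":
    scope = resolve_scope("192.168.20.1-192.168.20.100", "192.168.20.20,192.168.20.25")
    print(len(scope), scope[:3], scope[-1])
```

Run it before a bulk device lookup to confirm how many hosts the action will touch; a range typo such as 192.168.2.1-192.168.20.100 shows up immediately as an unexpectedly large count.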

Action: Get Information about a Device

This action retrieves information about a device in enterprise deployments.

Action Input Parameters

Device IP (Text, Required)
  Enter the IP address of the device to retrieve full information about.
  Example: 192.168.20.1

Action: Get Agent Status for a Host

This action retrieves the status of the Linux and Windows agents on a host.

Action Input Parameters

Hostname (Text, Required)
  Enter the hostname (or organization ID) of the host whose agent status you want to retrieve.
  Example: "host.domain.corp"

Action: Get a List of Incidents

This action retrieves a list of incidents from the FortiSIEM database.

Action Input Parameters

Time from (Text, Required)
  Enter the start of the time window from which to fetch incidents.
  Example: "1620677781736"
  Comment: Epoch time in milliseconds, as in the example (13 digits, not seconds).

Time to (Text, Required)
  Enter the end of the time window.
  Example: "1620684981736"
  Comment: Epoch time in milliseconds. The two example values are exactly two hours apart.

Incident ID (List, Optional)
  Enter the incident IDs to fetch.
  Example: $LIST[8064]

Start (Integer, Optional)
  Enter the offset from which to start fetching incidents.
  Example: 1
  Default value: 0

Size (Integer, Optional)
  Enter the number of incidents to fetch per call.
  Default value: 100

Incident Status (List, Optional)
  Enter the incident status values to filter on.
  Example: $LIST[0,1]
  Allowed values:
  • 0 = active
  • 1 = automatically cleared
  • 2 = manually cleared
  • 3 = system cleared

Action: Fetch Trigger Events

This action retrieves the events that triggered an incident.

Action Input Parameters

Size (Integer, Optional)
  Enter the number of trigger events to return.
  Example: 15
  Default value: 10

Incident ID (Integer, Optional)
  Enter the FortiSIEM incident ID.
  Example: 8

Action: Update Incident

This action updates the ticket status of an incident.

Action Input Parameters

Incident ID (Integer, Required)
  Enter the ID of the incident to update.

Incident Ticket ID (Text, Required)
  Enter the ticket ID.
  Example: "ins00456"

Incident Cleared Time (Text, Optional)
  Enter the time the incident was cleared, as epoch milliseconds.
  Example: "1620677781736"

Incident Ticket State (Text, Optional)
  Enter the ticket state.
  Example: "closed"

Incident User (Text, Optional)
  Enter the user to record against the incident.
  Example: "user123"

Action: Get Details of Incident

This action retrieves the details of an incident from FortiSIEM.

Action Input Parameters

Incident ID (Text, Required)
  Enter the ID of the incident whose details you want to retrieve.
  Example: "8064"

Action: Fetch Incident with Status

This action retrieves the incidents in a time window that have the specified status values.

Action Input Parameters

Time from (Text, Required)
  Enter the start of the time window from which to fetch incidents.
  Example: "1620677781736"
  Comment: Epoch time in milliseconds.

Time to (Text, Required)
  Enter the end of the time window.
  Example: "1620684981736"
  Comment: Epoch time in milliseconds.

Incident ID (List, Optional)
  Enter the incident IDs in list format.
  Example: $LIST[8064,8065]

Start (Integer, Optional)
  Enter the offset from which to start retrieving incidents.
  Example: 1
  Default value: 0

Size (Integer, Optional)
  Enter the number of incidents to retrieve per call.
  Example: 50
  Default value: 100

Incident Status (List, Optional)
  Enter the incident status values to filter on.
  Example: $LIST[0,1]
  Allowed values:
  • 0 = active
  • 1 = automatically cleared
  • 2 = manually cleared
  • 3 = system cleared

Action: Pulling State of Requested Query

This action polls the state of a query previously submitted to the FortiSIEM event and report API, so a playbook can wait until the query has finished before asking for its results.

Action Input Parameters

Search ID (Text, Required)
  Enter the search ID of the submitted query.
  Example: "8"

Action: Result of Request Query

This action retrieves the results of a query submitted to the FortiSIEM event and report API once polling shows it has completed. Use Begin and Limit to page through large result sets.

Action Input Parameters

Search ID (Text, Required)
  Enter the search ID of the completed query.
  Example: "8"

Begin (Integer, Optional)
  Enter the offset of the first result to return.
  Example: 1

Limit (List, Optional)
  Enter the maximum number of results to return.
  Example: 1000

Action: Submit Request of Query

This action submits a query to the FortiSIEM event and report API. Poll its state with Pulling State of Requested Query and fetch its output with Result of Request Query.

Action Input Parameters

Search ID (Text, Required)
  Enter the search ID.
  Example: "8"
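The three query actions above form one asynchronous workflow: submit, poll the state until the search is complete, then page the results with Begin and Limit. The following is an added example (not the app's or FortiSIEM's code) of the orchestration logic a playbook needs around them: a bounded wait with geometric back-off so a stuck search cannot hang the run forever, and a result loop that stops on the first short page. The `QueryClient` interface, the percentage returned by `state()`, and the `FakeClient` that implements it are assumptions standing in for the real actions, whose endpoints and response format this page does not give; the query body is a placeholder.

```python
"""Submit, poll and page a FortiSIEM event/report API query.

Added example, not the app's code. QueryClient is an assumed interface for
the three actions; FakeClient is a constructed stand-in used to run it offline.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterator, List, Protocol


class QueryClient(Protocol):
    """Assumed shape of the three actions; state() is taken to return percent complete."""
    def submit(self, query: Dict) -> str: ...
    def state(self, search_id: str) -> int: ...
    def results(self, search_id: str, begin: int, limit: int) -> List[dict]: ...


class QueryTimeout(Exception):
    """Raised when a query does not finish inside the allowed wait."""


def wait_for_completion(client: QueryClient, search_id: str, timeout_s: float = 300.0,
                        sleep: Callable[[float], None] = time.sleep,
                        clock: Callable[[], float] = time.monotonic) -> int:
    """Poll the query state until it reports 100 percent.

    Back off geometrically (1s, 2s, 4s, 8s, then 10s) and raise QueryTimeout once the
    deadline has passed instead of looping forever. Returns the number of polls issued.
    """
    deadline = clock() + timeout_s
    delay, polls = 1.0, 0
    while True:
        polls += 1
        if client.state(search_id) >= 100:
            return polls
        if clock() >= deadline:
            raise QueryTimeout(f"search {search_id} not complete after {timeout_s}s")
        sleep(delay)
        delay = min(delay * 2, 10.0)


def fetch_all_results(client: QueryClient, search_id: str, limit: int = 1000) -> Iterator[dict]:
    """Page through results with Begin/Limit until a short (or empty) page comes back."""
    begin = 0
    while True:
        page = client.results(search_id, begin, limit)
        yield from page
        if len(page) < limit:
            return
        begin += limit


def run_query(client: QueryClient, query: Dict, limit: int = 1000, timeout_s: float = 300.0,
              sleep: Callable[[float], None] = time.sleep,
              clock: Callable[[], float] = time.monotonic) -> List[dict]:
    """Submit, wait for completion, then collect every result page."""
    search_id = client.submit(query)
    wait_for_completion(client, search_id, timeout_s, sleep, clock)
    return list(fetch_all_results(client, search_id, limit))


@dataclass
class FakeClient:
    """Constructed stand-in: reports completion on the polls_needed-th state check."""
    polls_needed: int = 3
    n_events: int = 2500
    polls: int = 0

    def submit(self, query: Dict) -> str:
        return "8"  # the page's example search ID

    def state(self, search_id: str) -> int:
        self.polls += 1
        return 100 if self.polls >= self.polls_needed else int(100 * self.polls / self.polls_needed)

    def results(self, search_id: str, begin: int, limit: int) -> List[dict]:
        return [{"eventId": i} for i in range(begin, min(begin + limit, self.n_events))]


def demo(n_events: int = 2500, polls_needed: int = 3, timeout_s: float = 300.0) -> Dict:
    """Run the workflow against FakeClient on a simulated clock, so nothing really sleeps."""
    elapsed = [0.0]

    def fake_sleep(seconds: float) -> None:
        elapsed[0] += seconds

    client = FakeClient(polls_needed=polls_needed, n_events=n_events)
    query = {"constraint": "<placeholder; the real query body is not given on this page>"}
    try:
        events = run_query(client, query, limit=1000, timeout_s=timeout_s,
                           sleep=fake_sleep, clock=lambda: elapsed[0])
    except QueryTimeout:
        return {"timed_out": True, "polls": client.polls, "elapsed": elapsed[0]}
    return {"timed_out": False, "count": len(events), "polls": client.polls, "elapsed": elapsed[0]}


if __name__ == "__main__":
    print(demo())
    print(demo(polls_needed=100, timeout_s=20))
```

The timeout matters in a SOAR context: a playbook step that polls an unfinished search without a deadline blocks the whole run, so set `timeout_s` to the longest report you are willing to wait for and treat `QueryTimeout` as a failed step rather than retrying blindly.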