Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FNC Python Library

    Home FortiNDR Cloud 2024.10.0 FNC Python Library
    2024.10.0
    2024.10.0

    Fetching Events

    Fetching Events

    There are several methods to fetch events exposed by the Metastream client. All of them, among other arguments, require a context and the event type needs to be retrieved. The whole list of supported event types can be retrieved using the fetch_event_types method shown in section Fetch Event Types. The context shown in Metastream Context is used to store specific session wide data such as metrics, checkpoint and the time window of historical data to be retrieved.

    Metastream Context

    The context used by the Metastream client provides information about what was already retrieved and what needs to be retrieved as well as some statistic information. It holds three pieces of information:

    Attribute

    Type

    Description

    checkpoint

    string

    The value contained in the checkpoint, was the end_date in the last performed search. It must be used as the start date for the next call of the fetching method. The checkpoint is updated every time the fetching method is called.

    history

    dictionary

    The FncClient Library allows you to pull historical data when fetching events. However, it is possible that the amount of historical information is too big that it causes delays on the retrieval of current data. To avoid this delay, the client library allows you to split the context in historical and current data. This way current data and historical data can be retrieved separately.

    api_calls,

    file_downloads

    int

    While fetching events, the statistical information of the number of API calls and downloaded files is updated in the context.

    Splitting Historical and Current Data

    The client library provides a method (get_splitted_context) that provide two context one with the history value set to pull data from the provided start_date up to now and a second one without history value and the checkpoint set to now. In this way we can pull the historical data using the first context while pulling the current data using the second one.

    Example:
    # Split the poling interval in history and current
h_context, context = client.get_splitted_context(start_date_str = <start_date of the history>)

    Fetch Event Types

    The fetch_event_types() method can be used to retrieve a list of supported event types. This function does not receive any argument and return a list of strings in which every element is an event type.

    Example:

    The code below will print the list of supported event types.

    from fnc.metastream import FncMetastreamClient
from fnc.errors import FncClientError
from fnc.fnc_client import FncClient

client_name = ''
access_key = ''
secret_key = ''
account_code = ''
bucket_name = ''
log_level = None

try: 
    client: FncMetastreamClient = FncClient.get_metastream_client(
      name= client_name, 
      access_key= access_key, 
      secret_key= secret_key, 
      account_code = account_code, 
      bucket_name= bucket_name
    ) 

    client.get_logger().set_level(level=log_level) 

     print(f'The supported event types are: {client.fetch_event_types()}') 

except FncClientError as e: 
    client.get_logger().error(e)
    Previous
    Next

    Fetching Events

    Fetching Events

    There are several methods to fetch events exposed by the Metastream client. All of them, among other arguments, require a context and the event type needs to be retrieved. The whole list of supported event types can be retrieved using the fetch_event_types method shown in section Fetch Event Types. The context shown in Metastream Context is used to store specific session wide data such as metrics, checkpoint and the time window of historical data to be retrieved.

    Metastream Context

    The context used by the Metastream client provides information about what was already retrieved and what needs to be retrieved as well as some statistic information. It holds three pieces of information:

    Attribute

    Type

    Description

    checkpoint

    string

    The value contained in the checkpoint, was the end_date in the last performed search. It must be used as the start date for the next call of the fetching method. The checkpoint is updated every time the fetching method is called.

    history

    dictionary

    The FncClient Library allows you to pull historical data when fetching events. However, it is possible that the amount of historical information is too big that it causes delays on the retrieval of current data. To avoid this delay, the client library allows you to split the context in historical and current data. This way current data and historical data can be retrieved separately.

    api_calls,

    file_downloads

    int

    While fetching events, the statistical information of the number of API calls and downloaded files is updated in the context.

    Splitting Historical and Current Data

    The client library provides a method (get_splitted_context) that provide two context one with the history value set to pull data from the provided start_date up to now and a second one without history value and the checkpoint set to now. In this way we can pull the historical data using the first context while pulling the current data using the second one.

    Example:
    # Split the poling interval in history and current
h_context, context = client.get_splitted_context(start_date_str = <start_date of the history>)

    Fetch Event Types

    The fetch_event_types() method can be used to retrieve a list of supported event types. This function does not receive any argument and return a list of strings in which every element is an event type.

    Example:

    The code below will print the list of supported event types.

    from fnc.metastream import FncMetastreamClient
from fnc.errors import FncClientError
from fnc.fnc_client import FncClient

client_name = ''
access_key = ''
secret_key = ''
account_code = ''
bucket_name = ''
log_level = None

try: 
    client: FncMetastreamClient = FncClient.get_metastream_client(
      name= client_name, 
      access_key= access_key, 
      secret_key= secret_key, 
      account_code = account_code, 
      bucket_name= bucket_name
    ) 

    client.get_logger().set_level(level=log_level) 

     print(f'The supported event types are: {client.fetch_event_types()}') 

except FncClientError as e: 
    client.get_logger().error(e)
    Previous
    Next