Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FNC Python Library

    Home FortiNDR Cloud 2024.10.0 FNC Python Library
    2024.10.0
    2024.10.0

    How to retrieve data from FortiNDR Cloud Services

    How to retrieve data from FortiNDR Cloud Services

    FortiNDR Cloud Service collects an array of information that can be imported using this library.

    • Detections:

      An alert mechanism that notifies you of events impacting your device and network. Detections allow you to quickly identify and respond to suspicious or known malicious activity in your network.

    • Events:

      FortiNDR Cloud network sensors perform deep packet inspection of all observed network traffic and extract key protocol metadata. This metadata is enriched and organized into records called Events. In addition, FortiNDR Cloud observations and Suricata detections appear as events.

    • Entities:

      FortiNDR Cloud entities are unique identifiers on the network. Entities are extracted from the event data and cataloged in their own data store. Contextual information is then added to the entities when applicable.

    • Suricata:

      A match for a single Suricata signature with details.

    • Observation:

      Observations are a result of multi-stage data pipelines that go across multiple events, do historical data lookups, draw correlations, compute several statistics and in some cases use machine learning algorithms to classify and predict outcomes.

    Any of the above information can be retrieved using this Client Library. The next section provides more details, instructions and recommendations regarding how to build and use the client library to retrieve each event type in order to import them.

    Previous
    Next

    How to retrieve data from FortiNDR Cloud Services

    How to retrieve data from FortiNDR Cloud Services

    FortiNDR Cloud Service collects an array of information that can be imported using this library.

    • Detections:

      An alert mechanism that notifies you of events impacting your device and network. Detections allow you to quickly identify and respond to suspicious or known malicious activity in your network.

    • Events:

      FortiNDR Cloud network sensors perform deep packet inspection of all observed network traffic and extract key protocol metadata. This metadata is enriched and organized into records called Events. In addition, FortiNDR Cloud observations and Suricata detections appear as events.

    • Entities:

      FortiNDR Cloud entities are unique identifiers on the network. Entities are extracted from the event data and cataloged in their own data store. Contextual information is then added to the entities when applicable.

    • Suricata:

      A match for a single Suricata signature with details.

    • Observation:

      Observations are a result of multi-stage data pipelines that go across multiple events, do historical data lookups, draw correlations, compute several statistics and in some cases use machine learning algorithms to classify and predict outcomes.

    Any of the above information can be retrieved using this Client Library. The next section provides more details, instructions and recommendations regarding how to build and use the client library to retrieve each event type in order to import them.

    Previous
    Next