2024.10.0

Requirements

Two pieces of information are required to use any of the FortiNDR Cloud APIs and the integrations:

Domain

The domain is required to direct the requests to the appropriate API.

API Token

An API token needs to be passed with any request to the FortiNDR Cloud REST APIs for authentication purposes.

In the next sections, we show where and how this information can be retrieved.

Domain

FortiNDR Cloud is a multi-region service, and accounts are created for a specific region. For this reason, any request to the APIs needs to be sent to the same region the account has access to. Below are the domains to be used for each of the available regions:

|  | US region | EU region |
| --- | --- | --- |
| Portal URL | https://portal.fortindr.forticloud.com | https://portal-eu.fortindr.forticloud.com |
| Domain | icebrg.io | eu.fortindr.forticloud.com |
| Entity API | https://entity.icebrg.io | https://entity.eu.fortindr.forticloud.com |
| Detection API | https://detections.icebrg.io | https://detections.eu.fortindr.forticloud.com |
| Investigation API | https://investigation.icebrg.io | https://investigation.eu.fortindr.forticloud.com |
| Sensor API | https://sensor.icebrg.io | https://sensor.eu.fortindr.forticloud.com |

The URL is constructed the same way regardless of the region (for a link to the API documentation, see Appendix A: APIs). Only the domain differs, and the appropriate one needs to be used. To determine which domain to use, log in to the portal and look for the domain being used. Compare the domain with the list above and choose the appropriate one. The required domain will be the same for both the portal and the APIs.

Note

Since the integrations construct the URL internally, they only need the domain. However, to access the APIs directly, consult the appropriate API documentation to see how the URL is constructed and which arguments are required.

API Token

API tokens are used to access FortiNDR Cloud APIs. For integrations or scenarios where multiple users will rely on the token, a token tied to an API-only user is highly recommended.

API-only users are primarily designed for integration configurations. They cannot have passwords or multi-factor authentication enabled, nor do they receive emails. Their tokens are managed entirely by users with Admin privileges for the account.
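The two requirements above can be enforced in client code before any request leaves the host. The following is an added example, not Fortinet's code: it derives the domain from the portal URL, builds the per-service base URLs from the region table, and refuses to attach the token to any URL outside the account's region. The function names and the `FORTINDR_API_TOKEN` environment variable are assumptions; request paths and the authentication header format come from the API documentation and are not shown here.

```python
import os
from urllib.parse import urlsplit

# Portal host -> API domain, copied from the region table on this page.
PORTAL_TO_DOMAIN = {
    "portal.fortindr.forticloud.com": "icebrg.io",
    "portal-eu.fortindr.forticloud.com": "eu.fortindr.forticloud.com",
}
# Service prefixes as they appear in the table's API URLs.
SERVICES = ("entity", "detections", "investigation", "sensor")


def domain_from_portal(portal_url):
    """Map the portal URL an account logs in to onto that region's API domain."""
    parts = urlsplit(portal_url)
    host = parts.hostname or ""  # urlsplit already lowercases the host
    if parts.scheme != "https" or host not in PORTAL_TO_DOMAIN:
        raise ValueError(f"not a listed FortiNDR Cloud portal URL: {portal_url!r}")
    return PORTAL_TO_DOMAIN[host]


def api_base_urls(domain):
    """Build the per-service base URLs for one region's domain."""
    domain = domain.strip().lower()
    if domain not in PORTAL_TO_DOMAIN.values():
        raise ValueError(f"domain not in the region table: {domain!r}")
    return {svc: f"https://{svc}.{domain}" for svc in SERVICES}


def token_may_be_sent(url, domain):
    """True only for an HTTPS URL whose host is an API host of the account's region."""
    allowed = {urlsplit(base).hostname for base in api_base_urls(domain).values()}
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in allowed


def load_token(env_var="FORTINDR_API_TOKEN"):
    """Read the token from the environment (the variable name is an assumption)."""
    token = os.environ.get(env_var, "").strip()
    if not token:
        raise RuntimeError(f"{env_var} is not set")
    return token
```

Calling `token_may_be_sent` immediately before adding the credential to a request catches both a misconfigured region and a URL whose host only resembles an API host.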
