Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FNC Python Library

    Home FortiNDR Cloud 2024.10.0 FNC Python Library
    2024.10.0
    2024.10.0

    Getting the client

    Getting the client

    The FncClient class that can be imported from fnc.fnc_client, is used to create the specific client instance that is required. There are two different types of clients provided by the FortiNDR Cloud Client Library.

    • FncApiClient: This client leverages the REST APIs exposed by the FortiNDR Cloud Services to retrieve and manage detections, events and entities.
    • FncMetastreamClient: This client allows access to the AWS S3 buckets to retrieve suricata and observation events observed within the FortiNDR Cloud Services.

    FncApiClient

    To create the FncApiClient instance we call the get_api_client class method that receive 5 arguments:

    Argument

    Type

    Required

    Default

    Description

    name

    string

    false

    FNC_Py_Client-v1.0.0

    This value is used to create the User-Agent id that will identify any request made by this client in the Server’s API logs. It is also used to identify the client logs if no specific logger is passed.

    domain

    string

    false

    icebrg.io

    Domain to where any REST request will be sent. For additional information, see the API Getting Started Guide.

    api_token

    string

    true

    API Token required to authenticate any request coming from this client. For additional information, see the API Getting Started Guide.

    rest_client

    FncRestClient

    false

    The Client API provide a default FncRestClient implementation that will be used if no rest_client is passed. To use a different one, its implementation needs to extend the FncRestClient class.

    logger

    FncLoger

    false

    default implementation of the FncLogger class

    To provide different logging mechanism, the FncLogger class need to be extended and the its methods implemented appropriately. The specific handler needs to be enabled to send logs to file or console.
    Note

    FncClientError is returned if no api_token is provided or if it is invalid. Also, if there is an active FncApiClient, created for the same domain and API Token that was provided, it will not be created again. Instead, a reference to the existing instance will be provided. Otherwise, a new client will be created replacing the active one.
    Example
    from fnc.api import FncApiClient
from fnc.errors import FncClientError
from fnc.fnc_client import FncClient

client_name = ''
api_token = ''
domain = ''
log_level = None
client: FncApiClient = None

try:
    client = FncClient.get_api_client(
        name=client_name,
        domain=domain,
        api_token=api_token
    )
except FncClientError as e:
    client.get_logger().error(e)

client.get_logger().set_level(level=log_level)

    FncMetastreamClient

    To create the FncMetastreamClient instance we call the get_metastream_client class method that receive 6 arguments:

    Argument

    Type

    Required

    Default

    Description

    name

    string

    false

    FNC_Py_Client-v1.0.0

    This value is used to create the User-Agent id that will identify any request made by this client in the Server’s API logs. It is also used to identify the client logs if no specific logger is passed.

    account_code

    string

    true

    The customer account code for which the raw events need to be retrieved.

    secret_key

    string

    true

    AWS secret access key required for authentication.

    access_key

    string

    true

    AWS key required for authentication.

    bucket

    string

    false

    'fortindr-cloud-metastream'

    Bucket from where to retrieve the events

    logger

    FncLoger

    false

    default implementation of the FncLogger class

    To provide different logging mechanism, the FncLogger class need to be extended and its methods implemented appropriately. The specific handler needs to be enabled to send logs to file or console.
    Note

    FncClientError is returned if either sercret_key, access_key or account_code is missing. Also, if there is an active FncMetastreamClient, created for the same sercret_key, access_key and account_code that was provided, it will not be created again. Instead, a reference to the existing instance will be provided. Otherwise, a new client will be created replacing the active one.
    Example:
    from fnc.errors import FncClientError
from fnc.fnc_client import FncClient
from fnc.metastream import FncMetastreamClient

client_name = ''
access_key = ''
secret_key = ''
account_code = ''
bucket_name = ''
log_level = None
client: FncMetastreamClient = None

try:
    client = FncClient.get_metastream_client(
        name=client_name,
        access_key=access_key,
        secret_key=secret_key,
        account_code=account_code,
        bucket_name=bucket_name
    )

except FncClientError as e:
    client.get_logger().error(e)

client.get_logger().set_level(level=log_level)
    Previous
    Next

    Getting the client

    Getting the client

    The FncClient class that can be imported from fnc.fnc_client, is used to create the specific client instance that is required. There are two different types of clients provided by the FortiNDR Cloud Client Library.

    • FncApiClient: This client leverages the REST APIs exposed by the FortiNDR Cloud Services to retrieve and manage detections, events and entities.
    • FncMetastreamClient: This client allows access to the AWS S3 buckets to retrieve suricata and observation events observed within the FortiNDR Cloud Services.

    FncApiClient

    To create the FncApiClient instance we call the get_api_client class method that receive 5 arguments:

    Argument

    Type

    Required

    Default

    Description

    name

    string

    false

    FNC_Py_Client-v1.0.0

    This value is used to create the User-Agent id that will identify any request made by this client in the Server’s API logs. It is also used to identify the client logs if no specific logger is passed.

    domain

    string

    false

    icebrg.io

    Domain to where any REST request will be sent. For additional information, see the API Getting Started Guide.

    api_token

    string

    true

    API Token required to authenticate any request coming from this client. For additional information, see the API Getting Started Guide.

    rest_client

    FncRestClient

    false

    The Client API provide a default FncRestClient implementation that will be used if no rest_client is passed. To use a different one, its implementation needs to extend the FncRestClient class.

    logger

    FncLoger

    false

    default implementation of the FncLogger class

    To provide different logging mechanism, the FncLogger class need to be extended and the its methods implemented appropriately. The specific handler needs to be enabled to send logs to file or console.
    Note

    FncClientError is returned if no api_token is provided or if it is invalid. Also, if there is an active FncApiClient, created for the same domain and API Token that was provided, it will not be created again. Instead, a reference to the existing instance will be provided. Otherwise, a new client will be created replacing the active one.
    Example
    from fnc.api import FncApiClient
from fnc.errors import FncClientError
from fnc.fnc_client import FncClient

client_name = ''
api_token = ''
domain = ''
log_level = None
client: FncApiClient = None

try:
    client = FncClient.get_api_client(
        name=client_name,
        domain=domain,
        api_token=api_token
    )
except FncClientError as e:
    client.get_logger().error(e)

client.get_logger().set_level(level=log_level)

    FncMetastreamClient

    To create the FncMetastreamClient instance we call the get_metastream_client class method that receive 6 arguments:

    Argument

    Type

    Required

    Default

    Description

    name

    string

    false

    FNC_Py_Client-v1.0.0

    This value is used to create the User-Agent id that will identify any request made by this client in the Server’s API logs. It is also used to identify the client logs if no specific logger is passed.

    account_code

    string

    true

    The customer account code for which the raw events need to be retrieved.

    secret_key

    string

    true

    AWS secret access key required for authentication.

    access_key

    string

    true

    AWS key required for authentication.

    bucket

    string

    false

    'fortindr-cloud-metastream'

    Bucket from where to retrieve the events

    logger

    FncLoger

    false

    default implementation of the FncLogger class

    To provide different logging mechanism, the FncLogger class need to be extended and its methods implemented appropriately. The specific handler needs to be enabled to send logs to file or console.
    Note

    FncClientError is returned if either sercret_key, access_key or account_code is missing. Also, if there is an active FncMetastreamClient, created for the same sercret_key, access_key and account_code that was provided, it will not be created again. Instead, a reference to the existing instance will be provided. Otherwise, a new client will be created replacing the active one.
    Example:
    from fnc.errors import FncClientError
from fnc.fnc_client import FncClient
from fnc.metastream import FncMetastreamClient

client_name = ''
access_key = ''
secret_key = ''
account_code = ''
bucket_name = ''
log_level = None
client: FncMetastreamClient = None

try:
    client = FncClient.get_metastream_client(
        name=client_name,
        access_key=access_key,
        secret_key=secret_key,
        account_code=account_code,
        bucket_name=bucket_name
    )

except FncClientError as e:
    client.get_logger().error(e)

client.get_logger().set_level(level=log_level)
    Previous
    Next