Fortinet black logo

Integration API Guide

Event/Query Worker Configuration API

Event/Query Worker Configuration API

These APIs enables you to query and make changes to event worker or query worker configurations.

Get Event Worker

This GET API retrieves the list of Event Workers defined in FortiSIEM.

Release Added: 6.5.0

Input URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/eventworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

GET

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of Event Workers as defined in GUI. Sample JSON follows.

{
  "addresses": [
    "wk1.acme.com",
    "192.0.2.0"
  ]
}

Add Event Worker

This POST API enables you to add an Event Worker to the list of Event Workers defined in FortiSIEM.

Release Added: 6.5.0

Input URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/add/eventworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

POST

Request Body

Field

Type

Description

Body JSON array of Event Worker addresses entry Event Worker FQDN or IP

Request Body Example

{
"addresses": ["wk1.acme.com",”wk2.acme.com”]
}

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of successful and failed additions.

{
  "success": [
    "Event worker added: wk1.acme.com"
  ],
  "failed": [
    "Not a valid worker address: invalidworkaddress"
  ]
}

Delete Event Worker

This POST API enables you to delete an Event Worker from the list of Event Workers defined in FortiSIEM.

Release Added: 6.5.0

Request URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/delete/eventworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

POST

Request Body

Field

Type

Description

Body JSON array of Event Worker addresses entry Event Worker FQDN or IP

Request Body Example

{
"addresses": ["wk1.acme.com",”wk2.acme.com”]
}

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of successful and failed additions.

{
  "success": [
    "Event worker deleted: wk1.acme.com"
  ],
  "failed": [
    "Not a valid worker address: invalidworkaddress"
  ]
}

Get Query Worker

This GET API retrieves the list of Query Workers defined in FortiSIEM.

Release Added: 6.5.0

Input URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/queryworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

GET

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of Query Workers as defined in GUI. Sample JSON follows.

{
  "addresses": [
    "wk1.acme.com",
    "192.0.2.84"
  ]
}

Add Query Worker

This POST API is available to add Query Worker IP addresses or resolvable host names.

Release Added: 6.5.0

Input URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/add/queryworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

POST

Request Body

Field

Type

Description

Body JSON array of Query Worker addresses entry Query Worker FQDN or IP

Request Body Example

{
"addresses": ["wk1.acme.com",”wk2.acme.com”]
}

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of successful and failed additions.

{
  "success": [
    "Query worker added: wk1.acme.com"
  ],
  "failed": [
    "Not a valid worker address: invalidworkaddress"
  ]
}

Delete Query Worker

This POST API enables you to delete a Query Worker from the list of Query Workers defined in FortiSIEM.

Release Added: 6.5.0

Request URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/delete/queryworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

POST

Request Body

Field

Type

Description

Body JSON array of Query Worker FQDN or IP Query Worker FQDN or IP

Request Body Example

{
"addresses": ["wk1.acme.com",”wk2.acme.com”]
}

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of successful and failed additions.

{
  "success": [
    "Query worker deleted: wk1.acme.com"
  ],
  "failed": [
    "Not a valid worker address: invalidworkaddress"
  ]
}

Event/Query Worker Configuration API

Event/Query Worker Configuration API

These APIs enables you to query and make changes to event worker or query worker configurations.

Get Event Worker

This GET API retrieves the list of Event Workers defined in FortiSIEM.

Release Added: 6.5.0

Input URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/eventworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

GET

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of Event Workers as defined in GUI. Sample JSON follows.

{
  "addresses": [
    "wk1.acme.com",
    "192.0.2.0"
  ]
}

Add Event Worker

This POST API enables you to add an Event Worker to the list of Event Workers defined in FortiSIEM.

Release Added: 6.5.0

Input URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/add/eventworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

POST

Request Body

Field

Type

Description

Body JSON array of Event Worker addresses entry Event Worker FQDN or IP

Request Body Example

{
"addresses": ["wk1.acme.com",”wk2.acme.com”]
}

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of successful and failed additions.

{
  "success": [
    "Event worker added: wk1.acme.com"
  ],
  "failed": [
    "Not a valid worker address: invalidworkaddress"
  ]
}

Delete Event Worker

This POST API enables you to delete an Event Worker from the list of Event Workers defined in FortiSIEM.

Release Added: 6.5.0

Request URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/delete/eventworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

POST

Request Body

Field

Type

Description

Body JSON array of Event Worker addresses entry Event Worker FQDN or IP

Request Body Example

{
"addresses": ["wk1.acme.com",”wk2.acme.com”]
}

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of successful and failed additions.

{
  "success": [
    "Event worker deleted: wk1.acme.com"
  ],
  "failed": [
    "Not a valid worker address: invalidworkaddress"
  ]
}

Get Query Worker

This GET API retrieves the list of Query Workers defined in FortiSIEM.

Release Added: 6.5.0

Input URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/queryworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

GET

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of Query Workers as defined in GUI. Sample JSON follows.

{
  "addresses": [
    "wk1.acme.com",
    "192.0.2.84"
  ]
}

Add Query Worker

This POST API is available to add Query Worker IP addresses or resolvable host names.

Release Added: 6.5.0

Input URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/add/queryworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

POST

Request Body

Field

Type

Description

Body JSON array of Query Worker addresses entry Query Worker FQDN or IP

Request Body Example

{
"addresses": ["wk1.acme.com",”wk2.acme.com”]
}

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of successful and failed additions.

{
  "success": [
    "Query worker added: wk1.acme.com"
  ],
  "failed": [
    "Not a valid worker address: invalidworkaddress"
  ]
}

Delete Query Worker

This POST API enables you to delete a Query Worker from the list of Query Workers defined in FortiSIEM.

Release Added: 6.5.0

Request URL https://<FortiSIEM_Supervisor_IP>/phoenix/rest/system/delete/queryworker

Input Credentials

User name and password of Supervisor account, or Organization specific user name and password, Organization name.

HTTP Method

POST

Request Body

Field

Type

Description

Body JSON array of Query Worker FQDN or IP Query Worker FQDN or IP

Request Body Example

{
"addresses": ["wk1.acme.com",”wk2.acme.com”]
}

Output

When the request succeeds (HTTP response code 200), then a JSON file is returned with the list of successful and failed additions.

{
  "success": [
    "Query worker deleted: wk1.acme.com"
  ],
  "failed": [
    "Not a valid worker address: invalidworkaddress"
  ]
}