Integration API Guide

Get Triggering Event IDs for One or More Incidents

This API enables you to get the triggering event IDs for one or more incidents.

API Specifications

Release Added: 5.2.5
Methodology: REST API based. The caller makes an HTTPS request with the query parameter incidentIds.
Request URL: https://<FortiSIEM_Supervisor_IP>/phoenix/rest/incident/triggeringEvents?incidentIds=<incidentId1>,<incidentId2>
Input Credentials:
  • Enterprise deployments: User name and password of any FortiSIEM account that has the appropriate access. Use "super" as the organization for Enterprise deployments.
    Curl example: curl -k -u super/admin:Admin*123
  • Service Provider deployments: User name and password of the Super Global account, or of an organization-specific account together with the organization name. Make sure that the account has the appropriate access.
    Curl example with super organization: curl -k -u super/admin:Admin*123
    If querying for a specific organization, replace "super" with the organization name.
Input Parameters: Query parameters: incidentIds
Output: XML that contains the triggered event IDs for all incidents in the input list.

Refer to Example Usage to get the list of monitored devices and attributes.
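
One way to script the request above with certificate verification left on (no `-k`) and the password kept off the command line; this is an added example, not part of the FortiSIEM guide. It assumes incident IDs are decimal integers, and the function names and `FSM_*` environment variables are hypothetical names chosen for illustration.

```shell
#!/bin/sh
# Added example, not FortiSIEM tooling.
# Assumptions: incident IDs are decimal integers; FSM_ORG, FSM_USER, FSM_PASS
# and FSM_CA (path to the CA bundle that signed the Supervisor certificate)
# are hypothetical variable names set by the caller.

# Build the request URL from a Supervisor host and one or more incident IDs.
# Accepting digits only keeps a stray '&', ',' or space in an ID from
# changing the query string that is sent.
fsm_triggering_events_url() {
  [ "$#" -ge 2 ] || { echo "usage: host incidentId [incidentId ...]" >&2; return 1; }
  fsm_host=$1
  shift
  fsm_ids=""
  for fsm_id in "$@"; do
    case $fsm_id in
      ''|*[!0-9]*) echo "invalid incident id: $fsm_id" >&2; return 1 ;;
    esac
    fsm_ids="${fsm_ids:+$fsm_ids,}$fsm_id"
  done
  printf 'https://%s/phoenix/rest/incident/triggeringEvents?incidentIds=%s\n' \
    "$fsm_host" "$fsm_ids"
}

# Fetch the XML for the given incidents.
# --cacert verifies the Supervisor certificate instead of skipping the check.
# The credentials reach curl through a config read from stdin (--config -),
# so they do not appear in the process list; printf is a shell builtin.
# Assumes the password contains no double quote or backslash.
# Usage: fsm_get_triggering_events <FortiSIEM_Supervisor_IP> 101 102
fsm_get_triggering_events() {
  fsm_url=$(fsm_triggering_events_url "$@") || return 1
  : "${FSM_ORG:?}" "${FSM_USER:?}" "${FSM_PASS:?}" "${FSM_CA:?}"
  printf 'user = "%s/%s:%s"\n' "$FSM_ORG" "$FSM_USER" "$FSM_PASS" |
    curl --silent --show-error --fail --cacert "$FSM_CA" --config - "$fsm_url"
}
```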
