FortiSIEM Integration API

Integration API

AccelOps provides a REST API that you can use to query and make changes to the CMDB, query events, and send notifications. These topics contain information on API parameters, sample XML input and output files, and Python scripts that you can use to interact with the API.

Python Support

Versions 2.5 and 2.6 are supported.

Version 2.4 is only supported when "import ssl" is changed to "from socket import ssl".

Version 3.0 cannot be supported unless all print statements are rewritten.

You will need to install httplib2 and ssl manually if they are not already installed.

Topics

Add or Update an Organization

Create or Update Credentials

Discover Devices

Get CMDB Device Info

Get the List of Monitored Devices and Attributes

Get the List of Monitored Organizations

Update Device Monitoring

Add, Update or Delete Device Maintenance Schedule

Events and Report Integration

Incident Notification

Formats for Incident Notifications over Email, HTTPS, SNMP Trap, and API

Using the Notification API

External Help desk / CMDB Integration

External Threat Intelligence Integration

License Registration

CMDB APIs

These APIs are available for interacting with the AccelOps CMDB.

Add or Update an Organization

Create or Update Credentials

Discover Devices

Get CMDB Device Info

Get the List of Monitored Devices and Attributes

Get the List of Monitored Organizations

Update Device Monitoring

Add, Update or Delete Device Maintenance Schedule


Add or Update an Organization

Applies To

API Parameters

Sample Code for Adding an Organization

Sample XML Input File

Sample Python Script

Sample Code for Updating an Organization’s Attributes

Sample XML Input File

Sample Python Script

Applies To

Multi-tenant deployments

API Parameters

Methodology  REST API based: make an HTTP(S) request with an input XML containing the organization information. The key to the organization information is the name.
Request URL  Add an organization: https://<AccelOps_IP>/phoenix/rest/organization/add
             Update an organization: https://<AccelOps_IP>/phoenix/rest/organization/update
Input Parameters  Username and password of Super account or Organization specific account, Organization definition file
Input XML  Contains organization details. The key is the organization name, which means that entries with the same name will be merged.
Output  None

Sample Code for Adding an Organization

The sample shows how to add the organization organization341 and specify its attributes.

Sample XML Input File

Sample Python Script

AddOrg.py script

import sys, base64, urllib2

def restPost(appServer, user, password, file):
    f = open(file, 'r')
    content = f.read()
    f.close()
    url = "https://" + appServer + "/phoenix/rest/organization/add"
    # b64encode, not encodestring: encodestring appends a newline that breaks the header
    auth = "Basic %s" % base64.b64encode(user + ":" + password)
    request = urllib2.Request(url, content)
    request.add_header('Authorization', auth)
    request.add_header('Content-Type', 'text/xml')  # or 'application/xml'
    request.add_header('User-Agent', 'Python-urllib2/2.7')
    # urllib2 sets Content-Length from the body itself; the API expects a PUT
    request.get_method = lambda: 'PUT'
    # Note: urllib2 on Python 2 before 2.7.9 does not verify the server certificate
    try:
        handle = urllib2.urlopen(request)
    except urllib2.HTTPError, error:
        if error.code != 204:  # 204 No Content is the success response
            print error

if __name__ == '__main__':
    if len(sys.argv) != 5:
        print "Usage: addOrg.py appServer user password orgDefFile"
        print "Example: python addOrg.py 192.168.20.116 super/admin adm1n orgDef.xml"
        sys.exit()
    restPost(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])

Usage

python addOrg.py <AccelOps_IP> <user> <password> <orgDefFile>

Sample Code for Updating an Organization’s Attributes

This sample increases the maximum events per second (EPS) value of organization341 to 1000. The key is the organization name.

Sample XML Input File

Sample Python Script

updateOrg.py script Usage

python updateOrg.py <AccelOps_IP> <user> <password> <orgDefFile>

Create or Update Credentials

Applies To

API Parameters

Multi-Tenant Deployments

Enterprise Deployments

Sample Code for Adding and Updating Credentials

Sample XML Input File

Sample Python Script

Applies To

Enterprise and multi-tenant deployments

API Parameters

The key is the credential name in the input XML. If a credential with the same name exists, then the credential in the database will be updated with the new content.

Multi-Tenant Deployments

Methodology  REST API based: make an HTTP(S) request with an input XML.
Request URL  https://<AccelOps_IP>/phoenix/rest/deviceMon/updateCredential
Input Parameters  Username and password of Super account or Organization specific account, Organization name
Input XML  An XML file that contains credentials and IP to credential mappings
Output  None

Enterprise Deployments

Methodology  REST API based: make an HTTP(S) request with an input XML
Request URL  https://<AccelOps_IP>/phoenix/rest/deviceMon/updateCredential
Input Parameters  Username and password of any AccelOps account
Input XML  An XML file that contains credentials and IP to credential mappings
Output None


Sample Code for Adding and Updating Credentials

This sample reads the credential definition XML file and sends it to the updateCredential endpoint with the supplied user name and password. A credential whose name already exists in the CMDB is updated in place.

Sample XML Input File

Sample Python Script

UpdateCredential.py Script

import sys, base64, urllib2

def restPost(appServer, user, password, file):
    f = open(file, 'r')
    content = f.read()
    f.close()
    url = "https://" + appServer + "/phoenix/rest/deviceMon/updateCredential"
    # b64encode, not encodestring: encodestring appends a newline that breaks the header
    auth = "Basic %s" % base64.b64encode(user + ":" + password)
    request = urllib2.Request(url, content)
    request.add_header('Authorization', auth)
    request.add_header('Content-Type', 'text/xml')  # or 'application/xml'
    request.add_header('User-Agent', 'Python-urllib2/2.7')
    # urllib2 sets Content-Length from the body itself; the API expects a PUT
    request.get_method = lambda: 'PUT'
    # Note: urllib2 on Python 2 before 2.7.9 does not verify the server certificate
    try:
        handle = urllib2.urlopen(request)
    except urllib2.HTTPError, error:
        if error.code != 204:  # 204 No Content is the success response
            print error

if __name__ == '__main__':
    if len(sys.argv) != 5:
        print "Usage: UpdateCredential.py appServer user password credentialDefFile"
        print "Example: python UpdateCredential.py 192.168.20.116 super/admin adm1n credentialDef.xml"
        sys.exit()
    restPost(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])

Usage

python UpdateCredential.py <AccelOps_IP> <user> <password> <credential xml file>

Example

python UpdateCredential.py 172.16.20.210 "super/admin" "admin*1" AddCredential.xml

The Super user needs to be explicitly stated in organization/user format, for example "super/admin" instead of just "admin".
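Both scripts on this page follow one pattern: read an XML definition file, PUT it to a /phoenix/rest/... endpoint with HTTP Basic credentials given in organization/user form, and treat 204 as success. The following Python 3 version of that pattern is an added example, not code from the FortiSIEM/AccelOps documentation. It covers the organization and credential endpoints named above, builds the Authorization header without the trailing newline that base64.encodestring appends, turns certificate verification on (urllib2 on old Python 2 never verified the server), refuses to send a file that is not well-formed XML, and takes the password from an environment variable instead of the command line so it does not show up in the process list or shell history. The short action names, the FSM_PASSWORD variable and the cafile parameter are this example's assumptions; the organization and credential XML schemas are not shown on this page, so only well-formedness is checked.

```python
import base64
import os
import ssl
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# The REST endpoints named on this page, keyed by short action names
# (the action names are this example's own, not FortiSIEM's).
ENDPOINTS = {
    "add-org": "/phoenix/rest/organization/add",
    "update-org": "/phoenix/rest/organization/update",
    "update-credential": "/phoenix/rest/deviceMon/updateCredential",
}


def basic_auth_header(user, password):
    """Return the HTTP Basic Authorization value for a FortiSIEM account.

    The user must be in organization/user form ("super/admin").  b64encode,
    unlike the Python 2 base64.encodestring used in the original scripts,
    adds no trailing newline, so the header value is not corrupted.
    """
    if "/" not in user:
        raise ValueError('user must be organization/user, e.g. "super/admin"')
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8"))
    return "Basic " + token.decode("ascii")


def xml_is_well_formed(xml_body):
    """True if xml_body parses as XML; the schema itself is not checked here."""
    try:
        ET.fromstring(xml_body)
        return True
    except ET.ParseError:
        return False


def build_request(app_server, action, user, password, xml_body):
    """Build the PUT request the page's scripts send, validating inputs first."""
    if not xml_is_well_formed(xml_body):
        raise ValueError("input file is not well-formed XML; nothing sent")
    url = "https://%s%s" % (app_server, ENDPOINTS[action])
    req = urllib.request.Request(url, data=xml_body, method="PUT")
    req.add_header("Authorization", basic_auth_header(user, password))
    req.add_header("Content-Type", "text/xml")
    # Content-Length is derived from len(data) by urllib; the "+2" in the
    # original scripts announced two bytes that were never sent.
    return req


def send(req, cafile=None):
    """Send req over TLS with certificate verification on; return the HTTP status.

    The API answers 204 No Content on success.  cafile is the bundle holding the
    CA that issued the supervisor's certificate (an assumed deployment detail;
    None means the system trust store is used).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    if len(sys.argv) != 5:
        print("Usage: fsm_put.py <AccelOps_IP> <add-org|update-org|update-credential> "
              "<org/user> <xmlFile>")
        print("The password is read from the FSM_PASSWORD environment variable.")
        sys.exit(1)
    server, action, user, path = sys.argv[1:]
    password = os.environ.get("FSM_PASSWORD")
    if not password:
        sys.exit("FSM_PASSWORD is not set")
    with open(path, "rb") as fh:
        body = fh.read()
    status = send(build_request(server, action, user, password, body))
    print("HTTP %d%s" % (status, "" if status == 204 else " (not the expected 204)"))
```

With FSM_PASSWORD exported, "python fsm_put.py 172.16.20.210 update-credential super/admin AddCredential.xml" sends the same request as the UpdateCredential.py script above; anything other than a 204 means the supervisor did not accept the file and the response should be examined.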


This entry was posted in Administration Guides, FortiSIEM.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
