FortiSIEM provides organizations with a comprehensive, holistic and scalable solution, from IoT to the Cloud, with patented analytics that are actionable to tightly manage network security, performance and compliance standards, all delivered through a single pane of glass view of the organization.

Integration with LogicHub

Connecting with FortiSIEM

To connect to FortiSIEM, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • Server URL: Application server URL used to connect to FortiSIEM. Example: or
  • Domain: The domain used to connect to FortiSIEM.
  • Server Port (Optional): Application server port used to connect to FortiSIEM (default is 443).
  • Username: The username used to connect to FortiSIEM.
  • Password: The password used to connect to FortiSIEM.

Actions with FortiSIEM

Execute Event Query

Executes an event query and returns the incident attributes.

Inputs to this Action

  • Connection: Choose a connection that you have created.
  • Jinja Template for Query COLUMN NAME: Jinja-templated XML query containing the query parameters. Example for "Top FortiSIEM Events By Count":
      <Reports>
        <Report baseline="" rsSync="">
          <Name>Top FortiSIEM Events By Count</Name>
          <Description>Ranks the events by the number of times they have occurred in a given time period.</Description>
          <CustomerScope groupByEachCustomer="false"> </CustomerScope>
          <SelectClause>
            <AttrList>eventType,COUNT(*)</AttrList>
          </SelectClause>
          <OrderByClause>
            <AttrList>COUNT(*) DESC</AttrList>
          </OrderByClause>
          <PatternClause window="3600">
            <SubPattern id="1164394" name="Filter_OVERALL_STATUS">
              <GroupByAttr>eventType</GroupByAttr>
            </SubPattern>
          </PatternClause>
          <userRoles>
            <roles custId="0">1169250</roles>
          </userRoles>
          <SyncOrgs/>
        </Report>
      </Reports>

From UI
The FortiSIEM UI has a three-step wizard for generating a query.

The wizard lets you save the query as a report (XML) for later use. You can then export the report and copy its content.

Output of Action
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: A JSON result against query.
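
Added example (not LogicHub or Fortinet code): a local dry run of a Jinja-templated query with the Jinja2 Python package, using XML autoescaping so substituted values cannot change the query's structure, followed by handling of the action's output fields. The variable names `report_name` and `window_seconds`, the trimmed template, and the treatment of `has_error` as a JSON boolean are assumptions; how LogicHub itself renders the template is not described on this page.

```python
import xml.etree.ElementTree as ET
from jinja2 import Environment, StrictUndefined

# Trimmed copy of the "Top FortiSIEM Events By Count" report shown above.
# The placeholders report_name and window_seconds are hypothetical names.
QUERY_TEMPLATE = """\
<Reports>
  <Report baseline="" rsSync="">
    <Name>{{ report_name }}</Name>
    <CustomerScope groupByEachCustomer="false"> </CustomerScope>
    <SelectClause><AttrList>eventType,COUNT(*)</AttrList></SelectClause>
    <OrderByClause><AttrList>COUNT(*) DESC</AttrList></OrderByClause>
    <PatternClause window="{{ window_seconds }}">
      <SubPattern id="1164394" name="Filter_OVERALL_STATUS">
        <GroupByAttr>eventType</GroupByAttr>
      </SubPattern>
    </PatternClause>
  </Report>
</Reports>
"""

# autoescape=True XML-escapes every substituted value; StrictUndefined makes a
# missing variable an error instead of silently rendering an empty string.
_env = Environment(autoescape=True, undefined=StrictUndefined)


def render_query(report_name, window_seconds):
    """Render the template and confirm the result is still one well-formed report."""
    window = int(window_seconds)      # raises ValueError on non-numeric input
    if window <= 0:
        raise ValueError("window must be a positive number of seconds")
    xml_text = _env.from_string(QUERY_TEMPLATE).render(
        report_name=report_name, window_seconds=window)
    root = ET.fromstring(xml_text)    # raises ParseError if not well-formed
    reports = root.findall("Report")
    if len(reports) != 1 or len(reports[0].findall("Name")) != 1:
        raise ValueError("rendered query does not contain exactly one report")
    return xml_text


def check_action_output(output):
    """Return `result` from the action's JSON output, or raise on has_error."""
    # Assumption: has_error arrives as a JSON boolean, error as a string or null.
    if output.get("has_error"):
        raise RuntimeError(f"FortiSIEM query failed: {output.get('error')}")
    return output["result"]
```
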
