{"id":50939494,"url":"https://github.com/rstierli/fortianalyzer-api-postman","last_synced_at":"2026-06-17T12:31:39.305Z","repository":{"id":324009632,"uuid":"1095583225","full_name":"rstierli/fortianalyzer-api-postman","owner":"rstierli","description":"Postman collection for FortiAnalyzer JSON-RPC API - 100+ endpoints for log management, reporting, device management, and security operations","archived":false,"fork":false,"pushed_at":"2025-11-13T10:13:28.000Z","size":494,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-11-13T11:11:56.007Z","etag":null,"topics":["api","api-client","fortianalyzer","fortianalyzer-api","fortinet","json-rpc","log-management","newman","postman","postman-collection","reporting","security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rstierli.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-13T08:44:18.000Z","updated_at":"2025-11-13T10:13:38.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/rstierli/fortianalyzer-api-postman","commit_stats":null,"previous_names":["rstierli/fortianalyzer-api-postman"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/rstierli/fortianalyzer-api-postman","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rstierli%2Ffortianalyzer-api-postman","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rstierli%2Ffortianalyzer-api-postman/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rstierli%2Ffortianalyzer-api-postman/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rstierli%2Ffortianalyzer-api-postman/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rstierli","download_url":"https://codeload.github.com/rstierli/fortianalyzer-api-postman/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rstierli%2Ffortianalyzer-api-postman/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34449277,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-17T02:00:05.408Z","response_time":127,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","api-client","fortianalyzer","fortianalyzer-api","fortinet","json-rpc","log-management","newman","postman","postman-collection","reporting","security"],"created_at":"2026-06-17T12:31:37.474Z","updated_at":"2026-06-17T12:31:39.299Z","avatar_url":"https://github.com/rstierli.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# FortiAnalyzer API Postman Collection\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/FortiAnalyzer-API-red?style=for-the-badge\u0026logo=fortinet\" alt=\"FortiAnalyzer API\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Postman-Collection-orange?style=for-the-badge\u0026logo=postman\" alt=\"Postman Collection\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Version-1.1-blue?style=for-the-badge\" alt=\"Version\"/\u003e\n  \u003cimg src=\"https://img.shields.io/badge/License-MIT-green?style=for-the-badge\" alt=\"License\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003ePostman collection for FortiAnalyzer JSON-RPC API\u003c/strong\u003e\u003cbr\u003e\n  100+ ready-to-use API requests for log management, reporting, device management, and security operations\n\u003c/p\u003e\n\n---\n\n## 🚀 Quick Start\n\n### 1. Import Collection\n\n**Option A: Direct Import to Postman**\n\nClick this button to import directly into Postman:\n\n[![Run in Postman](https://run.pstmn.io/button.svg)](https://god.gw.postman.com/run-collection/:collection_id)\n\n**Option B: Manual Download**\n\n```bash\n# Download collection\ncurl -O https://raw.githubusercontent.com/rstierli/fortianalyzer-api-postman/main/collections/FortiAnalyzer_Master_Collection_V1.1.postman_collection.json\n\n# Download environment template\ncurl -O https://raw.githubusercontent.com/rstierli/fortianalyzer-api-postman/main/environments/example.postman_environment.json\n```\n\n### 2. Configure Environment\n\n1. Import `example.postman_environment.json` into Postman\n2. Duplicate it and rename to your environment (e.g., \"My FortiAnalyzer\")\n3. Update these variables:\n   - `fqdn`: Your FortiAnalyzer hostname/IP\n   - `user`: Your admin username\n   - `password`: Your admin password\n   - `faz-api-token`: Your API key (recommended)\n\n### 3. Start Using\n\n- **Session Auth**: Run \"Login\" → Use other requests → \"Logout\"\n- **API Key Auth**: Set `faz-api-token` → Use any request directly\n\n📖 **Full setup guide:** [SETUP.md](SETUP.md)\n\n---\n\n## 📚 What's Included\n\nThe collection includes **100+ API requests** organized by category:\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003e🔐 Authentication \u0026 Session Management\u003c/b\u003e\u003c/summary\u003e\n\n- Login (Session-based)\n- Logout\n- API Key authentication examples\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003e🔍 Log Management (LogView)\u003c/b\u003e\u003c/summary\u003e\n\n**Search Operations:**\n- Search by IP address (source/destination)\n- Search by attack signature\n- Search by malware detection\n- Search by application control\n- Search by web filter\n- Search by botnet detection\n- Search by session ID\n- Cancel search tasks\n- Fetch search results\n\n**Features:**\n- Two-step async pattern support\n- Advanced filter syntax\n- Time range queries\n- Pagination support\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003e📊 Reports\u003c/b\u003e\u003c/summary\u003e\n\n- Generate reports from templates\n- Schedule report generation\n- Download generated reports\n- Manage report folders\n- Report layouts and charts\n- Custom report filters\n- Export/Import report templates\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003e🖥️ Device Management\u003c/b\u003e\u003c/summary\u003e\n\n**ADOM Operations:**\n- Create/Delete ADOMs\n- Enable/Disable ADOM mode\n- Clone ADOMs\n- Get ADOM list with filters\n\n**Device Operations:**\n- Register devices\n- Get device list (filtered/unfiltered)\n- Add unregistered devices\n- Device status monitoring\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003e📈 FortiView Analytics\u003c/b\u003e\u003c/summary\u003e\n\n- **Top Sources** - Bandwidth top talkers\n- **Top Threats** - Security threat analysis\n- **Top Applications** - Application usage statistics (with policy filters)\n- **SD-WAN Analytics**:\n  - Interface bandwidth monitoring\n  - Application usage over SD-WAN\n  - Health overview\n  - Top talkers\n  - Audio MOS score\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003e🚨 Security Operations\u003c/b\u003e\u003c/summary\u003e\n\n- **IOC Analysis** - Indicator of Compromise detection\n- **Event Handlers** - Automated incident response\n- **Automation Connectors** - Fabric connector setup\n- **Alert Management** - IPS alerts, SD-WAN alerts\n- **Subnet Management** - Subnet groups and objects\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cb\u003e⚙️ System Operations\u003c/b\u003e\u003c/summary\u003e\n\n- System status monitoring\n- Performance metrics\n- Admin user management\n- Certificate operations\n- Fabric of FortiAnalyzer (distributed deployments)\n- Log forwarding configuration\n\u003c/details\u003e\n\n---\n\n## 🤖 Smart Automation Features\n\nThis collection includes powerful **pre-request** and **post-response** scripts that automate repetitive tasks:\n\n### ✅ Automatic Time Range Calculation\n- Set `time_range_days` once (default: 30 days)\n- Time ranges automatically calculated on every request\n- Always uses current timestamps - no manual updates needed\n\n### ✅ Automatic Variable Extraction\n- **Session IDs** - Auto-extracted from login responses\n- **Task IDs (TID)** - Auto-saved for async operations (LogView, Reports, FortiView)\n- **Layout IDs** - Auto-extracted from report operations\n- **PDF Data** - Auto-captured from report downloads\n\n### ✅ Seamless Multi-Step Workflows\n```\n1. Create Search Task → TID automatically saved\n2. Fetch Results → Uses {{taskID}} automatically\n3. No manual copying needed!\n```\n\n📖 **Full details:** [SETUP.md - Collection Automation Features](SETUP.md#-collection-automation-features)\n\n---\n\n## 🔐 Authentication Methods\n\n### Method 1: Session-Based (Username/Password)\n\n**Best for:** Interactive testing, short-lived operations\n\n```\n1. Run \"Login\" request → Session ID auto-saved\n2. Run any API request → Uses session automatically\n3. Run \"Logout\" when done\n```\n\n### Method 2: API Key (Recommended)\n\n**Best for:** Automation, CI/CD, long-running scripts\n\n```\n1. Generate API key in FortiAnalyzer (see SETUP.md)\n2. Set faz-api-token in environment\n3. Run any request → No login/logout needed\n```\n\n📖 **Full guide:** [How to Create API Keys](SETUP.md#create-api-user-on-fortianalyzer)\n\n---\n\n## 📋 Environment Variables\n\n| Variable | Description | Required | Example |\n|----------|-------------|----------|---------|\n| `fqdn` | FortiAnalyzer hostname/IP | ✅ Yes | `faz.example.com` |\n| `tcp` | HTTPS port | ✅ Yes | `443` |\n| `user` | Admin username | 🔐 Session auth | `admin` |\n| `password` | Admin password | 🔐 Session auth | `yourpassword` |\n| `faz-api-token` | API key (Bearer token) | 🔑 API key auth | `abc123...` |\n| `adom` | ADOM name | ✅ Yes | `root` |\n| `session` | Session ID | 🔄 Auto | (auto-filled) |\n| `taskID` | Task ID for async ops | 🔄 Auto | (auto-filled) |\n\n📖 **Complete list:** [SETUP.md - Environment Variables](SETUP.md#environment-variables-explained)\n\n---\n\n## 🎯 Usage Examples\n\n### Example 1: Search Logs by IP Address\n\n```\n1. Authenticate (login or API key)\n2. Open: LogView → \"Create Search Task for IP Dst\"\n3. Edit the filter field with your IP address\n4. Click Send → taskID automatically saved to environment\n5. Open: LogView → \"Fetch Log Search Result by Task ID\"\n6. Click Send → Uses {{taskID}} automatically\n7. View results\n```\n\n**Note:** The collection automatically extracts and saves the Task ID (TID) from responses, so no manual copying is needed!\n\n### Example 2: Generate Security Report\n\n```\n1. Authenticate\n2. Open: Reports → \"Run Report\"\n3. Click Send → taskID and time ranges handled automatically\n4. Wait 30-60 seconds for report generation\n5. Open: Reports → \"Download Report\"\n6. Click Send → Uses saved taskID automatically\n```\n\n**Note:** Time ranges are automatically calculated based on `time_range_days` environment variable (default: 30 days).\n\n### Example 3: FortiView Top Threats\n\n```\n1. Authenticate\n2. Open: FortiView Top Threats → \"Create Task\"\n3. Click Send → taskID auto-saved\n4. Open: FortiView Top Threats → \"Fetch Result by Task\"\n5. Click Send → Uses {{taskID}} automatically to get threat statistics\n```\n\n---\n\n## 🛠️ Prerequisites\n\n- **FortiAnalyzer** v7.4.0+ (tested on v7.4.8, v7.6.4, v8.0.0)\n- **Postman** Desktop or Postman CLI (Newman)\n- **Network Access** to FortiAnalyzer via HTTPS\n- **Admin privileges** or dedicated API user account\n\n---\n\n## 📖 Documentation\n\n- **Setup Guide**: [SETUP.md](SETUP.md) - Complete installation and configuration\n- **API Documentation**: [FortiAnalyzer API Docs](https://docs.fortinet.com/document/fortianalyzer/latest/json-rpc-api-reference/)\n- **Full Documentation**: [How to FortiAnalyzer API](https://how-to-fortianalyzer-api.readthedocs.io/en/latest/)\n\n---\n\n## 🔒 Security Best Practices\n\n✅ **Use API Keys** for automation (no timeout issues)\n✅ **Rotate credentials** regularly\n✅ **Use dedicated API users** (don't use admin)\n✅ **Store secrets securely** (Postman Vault, environment variables)\n✅ **Limit API user permissions** (custom profiles)\n❌ **Never commit** environment files with real credentials\n✅ **Monitor API usage** in FortiAnalyzer audit logs\n✅ **Use HTTPS** always (verify certificates in production)\n\n---\n\n## 🤖 CI/CD Integration (Newman)\n\nRun collections in CI/CD pipelines using Newman:\n\n```bash\n# Install Newman\nnpm install -g newman\n\n# Run collection with environment\nnewman run collections/FortiAnalyzer_Master_Collection_V1.1.postman_collection.json \\\n  --environment environments/my-faz.postman_environment.json \\\n  --reporters cli,json\n\n# Run specific folder\nnewman run collections/FortiAnalyzer_Master_Collection_V1.1.postman_collection.json \\\n  --folder \"LogView\" \\\n  --environment environments/my-faz.postman_environment.json\n```\n\n**GitHub Actions Example:**\n\nSee [.github/workflows/test-collection.yml](.github/workflows/test-collection.yml) for CI/CD integration example.\n\n---\n\n## 🤝 Contributing\n\nContributions are welcome! Please follow these steps:\n\n1. Fork the repository\n2. Create a feature branch: `git checkout -b feature/new-endpoint`\n3. Add your changes\n4. Test with your FortiAnalyzer\n5. Commit: `git commit -m \"Add new endpoint: XYZ\"`\n6. Push: `git push origin feature/new-endpoint`\n7. Open a Pull Request\n\n**Guidelines:**\n- Use environment variables for all dynamic values\n- Follow existing request naming conventions\n- Add descriptions to new requests\n- Test against FortiAnalyzer 7.4+\n\n---\n\n## 🐛 Issues \u0026 Support\n\n- 📧 **Report Issues**: [GitHub Issues](https://github.com/rstierli/fortianalyzer-api-postman/issues)\n- 💬 **Discussions**: [GitHub Discussions](https://github.com/rstierli/fortianalyzer-api-postman/discussions)\n- 📚 **Documentation**: [SETUP.md](SETUP.md)\n\n---\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n---\n\n## 🏷️ Version History\n\n- **v1.1** (Current) - November 2025\n  - 100+ API endpoints\n  - Session and API key authentication\n  - Complete LogView, Reports, FortiView, Device Management\n  - SD-WAN analytics\n  - IOC analysis and security operations\n\n- **v1.0** - Initial release\n\n---\n\n## 🌟 Related Projects\n\n- **Fortinet Docs** - [https://docs.fortinet.com](https://docs.fortinet.com)\n- **Fortinet API Docs** - [https://fndn.fortinet.com](https://fndn.fortinet.com)\n- **FortiAnalyzer IPS PCAP Downloader** - [https://github.com/rstierli/fortianalyzer-pcap-downloader](https://github.com/rstierli/fortianalyzer-pcap-downloader)\n\n---\n\n## 👏 Acknowledgments\n\nCreated with ❤️ by the Fortinet Community\n\nSpecial thanks to all contributors and the FortiAnalyzer development team.\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003csub\u003eBuilt with Postman | Powered by FortiAnalyzer | Secured by Fortinet\u003c/sub\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frstierli%2Ffortianalyzer-api-postman","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frstierli%2Ffortianalyzer-api-postman","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frstierli%2Ffortianalyzer-api-postman/lists"}