FortiSIEM Update Device Monitoring

Applies To

Enterprise and multitenant deployments.

API Parameters for Enterprise Deployments

Methodology: REST API based. Make an HTTP(S) request with an input XML (optional).
Input URL: https:///phoenix/rest/deviceMon/updateMonitor
Input Credentials: Username and password of any AccelOps account
Input Parameters: Username and password of Super account or Organization specific account, Organization name, input XML containing the updates to device monitoring configuration.
Output: HTTP Status Code

API Parameters for Multitenant Deployments

Methodology: REST API based. Make an HTTP(S) request with an input XML (optional).
Input URL: https:///phoenix/rest/deviceMon/updateMonitor
Input Credentials: Username and password of Super account or Organization specific account, Organization name, input XML containing the updates to device monitoring configuration.
Output: HTTP Status Code

Sample XML Output

MonitorDevice.xml

Sample Code

Sample XML Input File

Sample Python Script

This sample takes the credentials, and optionally an organization name, as arguments and writes the parsed XML output to the screen in comma-separated value (CSV) format. The output can be redirected to a file if needed.

UpdateMonitor.py Script Usage

import sys, base64
import urllib.request, urllib.error

def restPost(appServer, user, password, file):
    # Read the device monitoring definition XML that becomes the request body
    with open(file, 'rb') as f:
        content = f.read()
    url = "https://" + appServer + "/phoenix/rest/deviceMon/updateMonitor"
    # b64encode does not append a newline to the header value
    auth = "Basic %s" % base64.b64encode((user + ":" + password).encode()).decode()
    request = urllib.request.Request(url, content)
    request.add_header('Authorization', auth)
    request.add_header('Content-Type', 'text/xml')  # 'application/xml'
    # Content-Length is set by urllib from the length of the body
    request.add_header('User-Agent', 'Python-urllib2/2.7')
    request.get_method = lambda: 'PUT'
    try:
        handle = urllib.request.urlopen(request)
    except urllib.error.HTTPError as error:
        # A 204 status is not reported as an error
        if error.code != 204:
            print(error)

if __name__ == '__main__':
    if len(sys.argv) != 5:
        print("Usage: UpdateMonitor.py appServer user password deviceDefFile")
        print("Example: python UpdateMonitor.py 192.168.20.116 super/admin adm1n deviceMonitorDef.xml")
        sys.exit()
    restPost(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])

python UpdateMonitor.py <AccelOps_IP> <user> <password> <device monitor xml file name>

Sample Query

python UpdateMonitor.py 172.16.20.210 "super/admin" "admin*1" MonitorDevice.xml

The Super user needs to be explicitly stated in organization/user format, for example "super/admin" instead of just "admin".
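A hardened way to build the same PUT request, as an added example that is not part of the original page or of FortiSIEM's own code: it rejects a user name that is not in organization/user form, checks that the XML is well-formed before any network I/O, and takes the password from the environment or a prompt instead of the command line. The host name, the `FSIEM_PASSWORD` variable, the placeholder XML body and applying the organization/user check to every account are assumptions.

```python
import base64
import getpass
import os
import ssl
import urllib.request
import xml.etree.ElementTree as ET

API_PATH = "/phoenix/rest/deviceMon/updateMonitor"  # path given on this page


def basic_auth(user, password):
    """Build the Basic header value; user must be organization/user."""
    org, sep, name = user.partition("/")
    if not (org and sep and name):
        raise ValueError('user must be "organization/user", e.g. "super/admin"')
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")  # b64encode adds no trailing newline


def build_request(app_server, user, password, xml_bytes):
    """Return an unsent PUT request carrying the monitoring update XML."""
    ET.fromstring(xml_bytes)  # raises ParseError on malformed XML, nothing is sent
    req = urllib.request.Request(
        "https://" + app_server + API_PATH, data=xml_bytes, method="PUT")
    req.add_header("Authorization", basic_auth(user, password))
    req.add_header("Content-Type", "text/xml")
    return req


def get_password(env_var="FSIEM_PASSWORD"):
    """Keep the password out of argv, where process listings and shell history
    expose it. The variable name is hypothetical; falls back to a prompt."""
    return os.environ.get(env_var) or getpass.getpass("Password: ")


def send(req, ca_file=None):
    """Send with certificate and hostname verification enabled."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.status  # the script above does not report 204 as an error


if __name__ == "__main__":
    # Constructed demo values; the request is built but never sent.
    demo = build_request("siem.example.net", "super/admin", "constructed-password",
                         b"<placeholder/>")  # placeholder, not the real schema
    print(demo.get_method(), demo.full_url, demo.get_header("Content-type"))
```

If the appliance uses a certificate from a private CA, pass that CA bundle to `send()` as `ca_file` rather than turning verification off.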

 

 


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
