Postman collection for FortiAnalyzer JSON-RPC API
100+ ready-to-use API requests for log management, reporting, device management, and security operations
Option A: Direct Import to Postman
Click this button to import directly into Postman:
Option B: Manual Download
```bash
# Download collection
curl -O https://raw.githubusercontent.com/rstierli/fortianalyzer-api-postman/main/collections/FortiAnalyzer_Master_Collection_V1.1.postman_collection.json
# Download environment template
curl -O https://raw.githubusercontent.com/rstierli/fortianalyzer-api-postman/main/environments/example.postman_environment.json
```
- Import `example.postman_environment.json` into Postman
- Duplicate it and rename to your environment (e.g., "My FortiAnalyzer")
- Update these variables:
  - `fqdn`: Your FortiAnalyzer hostname/IP
  - `user`: Your admin username
  - `password`: Your admin password
  - `faz-api-token`: Your API key (recommended)
- Session Auth: Run "Login" → Use other requests → "Logout"
- API Key Auth: Set `faz-api-token` → Use any request directly
Full setup guide: SETUP.md
The collection includes 100+ API requests organized by category:
Authentication & Session Management
- Login (Session-based)
- Logout
- API Key authentication examples
Log Management (LogView)
Search Operations:
- Search by IP address (source/destination)
- Search by attack signature
- Search by malware detection
- Search by application control
- Search by web filter
- Search by botnet detection
- Search by session ID
- Cancel search tasks
- Fetch search results
Features:
- Two-step async pattern support
- Advanced filter syntax
- Time range queries
- Pagination support
Reports
- Generate reports from templates
- Schedule report generation
- Download generated reports
- Manage report folders
- Report layouts and charts
- Custom report filters
- Export/Import report templates
Device Management
ADOM Operations:
- Create/Delete ADOMs
- Enable/Disable ADOM mode
- Clone ADOMs
- Get ADOM list with filters
Device Operations:
- Register devices
- Get device list (filtered/unfiltered)
- Add unregistered devices
- Device status monitoring
FortiView Analytics
- Top Sources - Bandwidth top talkers
- Top Threats - Security threat analysis
- Top Applications - Application usage statistics (with policy filters)
- SD-WAN Analytics:
  - Interface bandwidth monitoring
  - Application usage over SD-WAN
  - Health overview
  - Top talkers
  - Audio MOS score
Security Operations
- IOC Analysis - Indicator of Compromise detection
- Event Handlers - Automated incident response
- Automation Connectors - Fabric connector setup
- Alert Management - IPS alerts, SD-WAN alerts
- Subnet Management - Subnet groups and objects
System Operations
- System status monitoring
- Performance metrics
- Admin user management
- Certificate operations
- Fabric of FortiAnalyzer (distributed deployments)
- Log forwarding configuration
This collection includes powerful pre-request and post-response scripts that automate repetitive tasks:
- Set `time_range_days` once (default: 30 days)
- Time ranges automatically calculated on every request
- Always uses current timestamps - no manual updates needed
- Session IDs - Auto-extracted from login responses
- Task IDs (TID) - Auto-saved for async operations (LogView, Reports, FortiView)
- Layout IDs - Auto-extracted from report operations
- PDF Data - Auto-captured from report downloads
1. Create Search Task → TID automatically saved
2. Fetch Results → Uses {{taskID}} automatically
3. No manual copying needed!
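The automation described above, as an added example that is not the collection's own script code. The variable names `time_start` and `time_end`, the UTC `YYYY-MM-DD HH:MM:SS` timestamp format, the `{ result: { tid } }` response shape and the `makeEnv` stand-in for `pm.environment` are assumptions; check them against SETUP.md and the API documentation.

```javascript
// Added example: the logic a pre-request and a post-response script would run.
const pad = (n) => String(n).padStart(2, "0");

// Format a Date as "YYYY-MM-DD HH:MM:SS" in UTC (assumed timestamp format).
function fmt(d) {
  return `${d.getUTCFullYear()}-${pad(d.getUTCMonth() + 1)}-${pad(d.getUTCDate())} ` +
         `${pad(d.getUTCHours())}:${pad(d.getUTCMinutes())}:${pad(d.getUTCSeconds())}`;
}

// Pre-request step: derive the query window from time_range_days on every request.
function setTimeRange(env, now = new Date()) {
  const raw = Number(env.get("time_range_days"));
  const days = Number.isFinite(raw) && raw > 0 ? raw : 30; // default from the page
  env.set("time_start", fmt(new Date(now.getTime() - days * 86400000))); // hypothetical name
  env.set("time_end", fmt(now));                                         // hypothetical name
}

// Post-response step: save the task ID, or clear it when the create call failed,
// so the fetch request cannot silently reuse the ID of an earlier search.
function saveTaskId(env, body) {
  const tid = body && body.result && body.result.tid; // assumed response shape
  if (Number.isInteger(tid) && tid > 0) {
    env.set("taskID", String(tid));
    return true;
  }
  env.unset("taskID");
  return false;
}

// Minimal stand-in for pm.environment (get/set/unset) so the block runs outside Postman.
function makeEnv(init = {}) {
  const m = new Map(Object.entries(init));
  return { get: (k) => m.get(k), set: (k, v) => m.set(k, v), unset: (k) => m.delete(k) };
}

// Constructed inputs: a 7-day window and a successful create-task response.
const demoEnv = makeEnv({ time_range_days: "7" });
setTimeRange(demoEnv, new Date(Date.UTC(2025, 10, 15, 12, 0, 0)));
saveTaskId(demoEnv, { jsonrpc: "2.0", id: 1, result: { tid: 4711 } });
console.log(demoEnv.get("time_start"), demoEnv.get("time_end"), demoEnv.get("taskID"));
```

Inside Postman the same functions would be called as `setTimeRange(pm.environment)` and `saveTaskId(pm.environment, pm.response.json())`.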
Full details: SETUP.md - Collection Automation Features
Best for: Interactive testing, short-lived operations
1. Run "Login" request → Session ID auto-saved
2. Run any API request → Uses session automatically
3. Run "Logout" when done
Best for: Automation, CI/CD, long-running scripts
1. Generate API key in FortiAnalyzer (see SETUP.md)
2. Set faz-api-token in environment
3. Run any request → No login/logout needed
Full guide: How to Create API Keys
| Variable | Description | Required | Example |
|---|---|---|---|
| `fqdn` | FortiAnalyzer hostname/IP | Yes | faz.example.com |
| `tcp` | HTTPS port | Yes | 443 |
| `user` | Admin username | Session auth | admin |
| `password` | Admin password | Session auth | yourpassword |
| `faz-api-token` | API key (Bearer token) | API key auth | abc123... |
| `adom` | ADOM name | Yes | root |
| `session` | Session ID | Auto | (auto-filled) |
| `taskID` | Task ID for async ops | Auto | (auto-filled) |
Complete list: SETUP.md - Environment Variables
1. Authenticate (login or API key)
2. Open: LogView → "Create Search Task for IP Dst"
3. Edit the filter field with your IP address
4. Click Send → taskID automatically saved to environment
5. Open: LogView → "Fetch Log Search Result by Task ID"
6. Click Send → Uses {{taskID}} automatically
7. View results
Note: The collection automatically extracts and saves the Task ID (TID) from responses, so no manual copying is needed!
1. Authenticate
2. Open: Reports → "Run Report"
3. Click Send → taskID and time ranges handled automatically
4. Wait 30-60 seconds for report generation
5. Open: Reports → "Download Report"
6. Click Send → Uses saved taskID automatically
Note: Time ranges are automatically calculated based on the `time_range_days` environment variable (default: 30 days).
1. Authenticate
2. Open: FortiView Top Threats → "Create Task"
3. Click Send → taskID auto-saved
4. Open: FortiView Top Threats → "Fetch Result by Task"
5. Click Send → Uses {{taskID}} automatically to get threat statistics
- FortiAnalyzer v7.4.0+ (tested on v7.4.8, v7.6.4, v8.0.0)
- Postman Desktop or Postman CLI (Newman)
- Network Access to FortiAnalyzer via HTTPS
- Admin privileges or dedicated API user account
- Setup Guide: SETUP.md - Complete installation and configuration
- API Documentation: FortiAnalyzer API Docs
- Full Documentation: How to FortiAnalyzer API
- Use API Keys for automation (no timeout issues)
- Rotate credentials regularly
- Use dedicated API users (don't use admin)
- Store secrets securely (Postman Vault, environment variables)
- Limit API user permissions (custom profiles)
- Never commit environment files with real credentials
- Monitor API usage in FortiAnalyzer audit logs
- Use HTTPS always (verify certificates in production)
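One way to enforce "never commit environment files with real credentials", as an added example that is not part of the collection. It checks the `values` array of an exported Postman environment for the `password`, `faz-api-token` and `session` variables listed above; the placeholder list and the `{{vault:...}}` reference form are assumptions, and the sample environment is constructed.

```javascript
// Added example: find secrets left in an exported Postman environment
// before it is committed. Variable names come from the environment table.
const SECRET_KEYS = new Set(["password", "faz-api-token", "session"]);
// Values that are safe to commit: empty, or the placeholders from the table (assumed list).
const PLACEHOLDERS = new Set(["", "yourpassword", "abc123..."]);

function findCommittedSecrets(envJson) {
  const env = typeof envJson === "string" ? JSON.parse(envJson) : envJson;
  const findings = [];
  for (const v of env.values || []) {
    if (!SECRET_KEYS.has(v.key)) continue;
    const value = v.value == null ? "" : String(v.value).trim();
    if (PLACEHOLDERS.has(value)) continue;
    // A pure variable reference such as {{vault:faz-token}} holds no literal secret.
    if (/^\{\{[^{}]+\}\}$/.test(value)) continue;
    // Report the key and length only, never the value itself.
    findings.push({ key: v.key, length: value.length });
  }
  return findings;
}

// Constructed sample: an environment exported after a session login,
// which leaves both the password and the auto-filled session ID in the file.
const sampleEnv = JSON.stringify({
  name: "My FortiAnalyzer",
  values: [
    { key: "fqdn", value: "faz.example.com", type: "default" },
    { key: "user", value: "admin", type: "default" },
    { key: "password", value: "S3cure-Constructed!", type: "secret" },
    { key: "faz-api-token", value: "{{vault:faz-token}}", type: "secret" },
    { key: "session", value: "constructed-session-id", type: "default" },
  ],
});

for (const f of findCommittedSecrets(sampleEnv)) {
  console.log(`secret left in environment: ${f.key} (${f.length} chars)`);
}
```

In a pre-commit hook or CI job, pass the contents of each `*.postman_environment.json` file to `findCommittedSecrets` and fail the run when it returns any finding.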
Run collections in CI/CD pipelines using Newman:
```bash
# Install Newman
npm install -g newman
# Run collection with environment
newman run collections/FortiAnalyzer_Master_Collection_V1.1.postman_collection.json \
  --environment environments/my-faz.postman_environment.json \
  --reporters cli,json
# Run specific folder
newman run collections/FortiAnalyzer_Master_Collection_V1.1.postman_collection.json \
  --folder "LogView" \
  --environment environments/my-faz.postman_environment.json
```
GitHub Actions Example:
See .github/workflows/test-collection.yml for CI/CD integration example.
Contributions are welcome! Please follow these steps:
- Fork the repository
- Create a feature branch: `git checkout -b feature/new-endpoint`
- Add your changes
- Test with your FortiAnalyzer
- Commit: `git commit -m "Add new endpoint: XYZ"`
- Push: `git push origin feature/new-endpoint`
- Open a Pull Request
Guidelines:
- Use environment variables for all dynamic values
- Follow existing request naming conventions
- Add descriptions to new requests
- Test against FortiAnalyzer 7.4+
- Report Issues: GitHub Issues
- Discussions: GitHub Discussions
- Documentation: SETUP.md
This project is licensed under the MIT License - see the LICENSE file for details.
- v1.1 (Current) - November 2025
  - 100+ API endpoints
  - Session and API key authentication
  - Complete LogView, Reports, FortiView, Device Management
  - SD-WAN analytics
  - IOC analysis and security operations
- v1.0 - Initial release
- Fortinet Docs - https://docs.fortinet.com
- Fortinet API Docs - https://fndn.fortinet.com
- FortiAnalyzer IPS PCAP Downloader - https://github.com/rstierli/fortianalyzer-pcap-downloader
Created with ❤️ by the Fortinet Community
Special thanks to all contributors and the FortiAnalyzer development team.
Built with Postman | Powered by FortiAnalyzer | Secured by Fortinet