FortiAnalyzer JSON-RPC API Documentation
Comprehensive API reference for FortiAnalyzer 7.4.8 - 8.0.0+
This documentation provides complete coverage of FortiAnalyzer’s JSON-RPC API with 108 documented operations, working code examples, and best practices for automation and integration.
Getting Started
Device Manager (15 Operations)
Log Management (13 Operations)
- Search Traffic Logs by Destination IP
- Search Application Control Logs
- Search Attack Logs - Botnet Detection
- Search Attack Logs - By Session ID
- Search Attack Logs - IPS Signatures
- Search Malware Logs - dtype=Virus
- Search Malware Logs - External Malware List
- Search Malware Logs - Outbreak Prevention
- Search Webfilter Logs
- Fetch Log Search Results by Task ID
- Cancel Log Search Task
- Create Fabric Log Search Task
- Fetch Fabric Log Search Results
FortiView (17 Operations)
- Create IOC Analysis Task
- Fetch IOC Results by Task ID
- IOC Blacklist Drilldown - Device-Specific
- Configure IOC Rescan Settings
- Create Top Sources Task
- Fetch Top Sources Results by Task ID
- Create Top Applications Task
- Top Applications Filtered by Policy Name
- Fetch Top Applications Results by Task ID
- Create Top Threats Task
- Fetch Top Threats Results by Task ID
- SD-WAN Interface Health Overview
- SD-WAN Application Usage
- SD-WAN Interface Bandwidth Statistics
- SD-WAN Top Talkers
- SD-WAN Audio MOS Quality Monitoring
- Fetch SD-WAN Results by Task ID
Incidents & Events (20 Operations)
- Get Event Handlers
- Add Fabric Connector to Event Handler
- Get Fabric Connector Event Handlers
- Delete Fabric Connector from Event Handler
- Add Subnet to Event Handler
- Update Event Handler Description
- Update Event Handler Target Status
- Disable Event Handler
- Upload Event Handler Configuration
- Get Subnet Address Objects
- Add Subnet Address Object
- Add Subnet Group
- Get Subnet Groups
- Update Subnet Groups
- Get Automation Connectors (Webhooks)
- Add Automation Connector (Webhook)
- Delete Automation Connector (Webhook)
- Get IPS Alerts
- Get SD-WAN Alerts
- Get Malicious Events by Endpoint
Reports (22 Operations)
- Run Report
- Run Report from GUI
- Download Report
- Download Report Template
- Get Report Templates
- Get Report Layouts
- Get Report Layouts Without Filters
- Get Specific Report Layout
- Export Report Layout
- Clone Report Template
- Import Report
- Get Report Charts
- Add Report Schedule
- Add Report Schedule with FAZ and ADOM Filter
- Add Report Schedule with FAZ and ADOM Filter List
- Add Report Schedule with Source IP Filter
- Get Report Schedules
- Enable HCache SOC Filters
- Get Report Folders
- Add Report Folder (FortiAnalyzer 6.4)
- Add Report Folder (FortiAnalyzer 7.0)
- Delete Report Folder
System Settings (13 Operations)
- Get System Status
- Get System Performance
- Get Admin Users
- Get Certificates
- Get Managed Device Information
- Restart FortiAnalyzer
- Add Fabric of FortiAnalyzer Group
- Update Fabric of FortiAnalyzer Group
- Add Fabric of FortiAnalyzer Group with Members
- Get Log Forwarding Configuration
- Get Log Forward Device Filter
- Add Log Forward Device Filter
- Delete Log Forward Device Filter
Examples & Pilots
About
Documentation Features
✅ 108 API Operations fully documented
✅ Verified against FortiAnalyzer v7.4.8, v7.6.4, v8.0.0
✅ Working Python examples for every endpoint
✅ Tab-formatted REQUEST/RESPONSE examples
✅ Complete parameter documentation with types and descriptions
✅ Best practices and troubleshooting tips
Quick Links
Get System Status - Check FortiAnalyzer version and status
Authentication Guide - Session-based and API key auth
Log Search Workflow - Complete two-step async example
Create Event Handler - Automation and SOAR integration
Version Compatibility
All code examples have been tested and verified to work across:
FortiAnalyzer v7.4.8 (build2744) - Stable LTS
FortiAnalyzer v7.6.4 (build3579) - Latest GA Release
FortiAnalyzer v8.0.0 (build0017) - Interim/Beta
No breaking API changes detected between versions.
Last Updated: November 10, 2025
Documentation Version: 1.0
API Coverage: FortiAnalyzer 7.4.8 - 8.0.0+