Skip to main content

Modern, fully-typed Python SDK for FortiAnalyzer JSON-RPC API (315 endpoints, FAZ 7.6.7)

Project description

HFortix-FortiAnalyzer

Python 3.10+ License Typing: Typed

HFortix-FortiAnalyzer is a modern, fully-typed Python SDK for the FortiAnalyzer JSON-RPC API — 315 endpoints generated from the official FAZ 7.6.7 API specification, with full .pyi type stubs for IDE autocomplete on every call. Sibling package of hfortix-fortimanager (same transport, same conventions).

🚀 Quick Start

pip install hfortix-fortianalyzer
from hfortix_fortianalyzer import FortiAnalyzer

# API key auth (FAZ 7.4.7+ / 7.6.2+) — no login/logout needed
faz = FortiAnalyzer(host="faz.example.com", api_key="your-api-key")

# Session auth — context manager handles login/logout
with FortiAnalyzer(host="faz.example.com", username="admin", password="pw") as faz:
    # Device inventory (Device Manager DB)
    devices = faz.api.dvmdb.adom.device.get(adom="root")
    for dev in devices:
        print(dev.name, dev.ip, dev.os_ver)

    # Event management — alerts in an ADOM
    alerts = faz.api.eventmgmt.adom.alerts.get(
        adom="root",
        limit=100,
        time_range={"start": "2026-07-01 00:00:00", "end": "2026-07-07 00:00:00"},
    )

    # Log search: start a search task, poll it, fetch results
    task = faz.api.logview.adom.logsearch.add(
        adom="root",
        device=[{"devid": "FGT60F0000000001"}],
        logtype="traffic",
        time_range={"start": "2026-07-06 00:00:00", "end": "2026-07-07 00:00:00"},
        filter='srcip=10.0.1.100',
    )
    results = faz.api.logview.adom.logsearch.get(adom="root", tid=task.tid)

    # Run a FortiView query
    faz.api.fortiview.adom.run.add(
        view_name="top-threats",
        adom="root",
        time_range={"start": "2026-07-06 00:00:00", "end": "2026-07-07 00:00:00"},
    )

    # Run a report (by schedule name)
    faz.api.report.adom.run.add(adom="root", schedule="Default Report")

📦 What is covered (generated from FAZ 7.6.7 specs)

Namespace Endpoints Purpose
cli 169 Full system/CLI configuration (cli.global_.system.*, cli.global_.fmupdate.*, _meta_fields, exec)
report 35 Report configuration (layouts, charts, datasets, schedules, outputs), run/export/import
eventmgmt 23 Alerts, alert logs, handlers, MITRE ATT&CK matrix
soar 16 Indicators, playbooks, connectors, SOAR task monitor
fazsys 15 FAZ system utilities (license info, fonts/translations, log rate, storage info)
dvmdb 14 Device Manager database (ADOMs, devices, groups, folders)
sys 9 System status, login/logout, proxy, reboot
logview 8 Log fields, log files, log search, log stats, PCAP
incidentmgmt 8 Incidents, attachments, endpoint/user history
dvm 5 Device add/delete commands (dvm.cmd.*, exec-style)
ioc 4 Indicators of compromise (rescan, events ack, license)
task 3 Task monitoring (task.task, task.task.line, task.task.line.history)
sql_report 3 SQL report helpers (layout folders, schedule devices/filters)
um 2 Update manager image upgrade (exec-style)
fortiview 1 FortiView query run/fetch/cancel (all views via view_name=)

Total: 315 endpoints (466 .py + 466 .pyi files). Every module of the official FortiAnalyzer 7.6.7 API specification is generated — nothing was excluded.

🧭 Navigation mirrors the API

URL scoping segments are kept, exactly like hfortix-fortimanager:

  • /dvmdb/adom/{adom}/devicefaz.api.dvmdb.adom.device.get(adom="root")
  • /eventmgmt/adom/{adom}/alertsfaz.api.eventmgmt.adom.alerts.get(adom="root")
  • /dvmdb/device/{device} (no ADOM) → faz.api.dvmdb.device.get(device="fgt1")
  • Python keywords get a trailing underscore: cli.global_, system.global_
  • Hyphenated API names become underscores in Python (time_range=, view_name=), but the wire payload always uses the original API names ("time-range", "indicator-uuid", …)

✨ Key Features

  • 💪 Fully typed.pyi stubs for every endpoint; Literal[...] enums for every documented value; PEP 561 py.typed
  • 🔑 Dual auth — session (username/password with automatic re-login) or API key (Bearer, FAZ 7.4.7+/7.6.2+)
  • 🤖 apiver handled for you — v3-style endpoints (eventmgmt, logview, fortiview, report, soar, …) automatically send the required apiver: 3
  • 📦 Minimal payloads — only the parameters you pass are sent; FAZ applies its own server-side defaults (no surprise field writes)
  • 🛡️ Production plumbing from hfortix-core — retry with backoff, optional rate limiting and circuit breaker, audit logging, sanitized logs

🪄 Escape hatch — raw JSON-RPC

Anything not exposed as a typed endpoint can be called directly:

result = faz.client.execute(
    method="get",
    params=[{"url": "/logview/adom/root/logstats", "apiver": 3}],
)

⚠️ Known limitations (0.1.x)

  • Validated against a live FortiAnalyzer 7.6.7 for the core flows: session auth, dvmdb/sys/task (legacy dialect) and eventmgmt/logview (apiver-3 dialect, including the logsearch task lifecycle). Exotic endpoints are generated from the specs but not individually exercised — treat them with care and report issues.
  • devid takes the device SERIAL number in logview/fortiview device filters (e.g. device=[{"devid": "FGVM02TM25017392"}]), not the device name — the FAZ rejects names with "None of the device(s) can be found".
  • One URL form per endpoint — where the spec documents alternate URL forms (e.g. /report/config/import also existing as /report/global/config/import and un-scoped /report/graph-file), only the ADOM-scoped form is generated. Use the raw escape hatch for the others.
  • /report/adom/root/template/language is generated as report.adom.template.language.get(adom=...) — pass adom="root" as the spec documents.
  • model_registry / as_models() / typed response models are experimental placeholders — they currently return None / fall back to generic objects.
  • Sync only — no async client yet (unlike hfortix-fortios).

🔗 Related Packages

This package is part of the HFortix SDK ecosystem:

📄 License

Proprietary license. All rights reserved.

🤝 Support


Version: 0.1.0 (Alpha) FortiAnalyzer Support: 7.6.7 (specs) Python: 3.10+

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

hfortix_fortianalyzer-0.1.0.tar.gz (297.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

hfortix_fortianalyzer-0.1.0-py3-none-any.whl (954.6 kB view details)

Uploaded Python 3

File details

Details for the file hfortix_fortianalyzer-0.1.0.tar.gz.

File metadata

  • Download URL: hfortix_fortianalyzer-0.1.0.tar.gz
  • Upload date:
  • Size: 297.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.12.3

File hashes

Hashes for hfortix_fortianalyzer-0.1.0.tar.gz
Algorithm Hash digest
SHA256 53d3bea0b655d02996cb2d13afbe6b5c8c6ab70106f3657f72948ca3654fb5a6
MD5 756be31b82d811eee22f60fad8feee31
BLAKE2b-256 771a0eca0063f6a9166bf09e371961d2f07cfba580eae7a899a5f4b3f1297f19

See more details on using hashes here.

File details

Details for the file hfortix_fortianalyzer-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for hfortix_fortianalyzer-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 fd365d835a3392da550b1730417b57275bae4bf6cbf9f1d9662bc33b88dbcb24
MD5 5b87db2eb5b949d31450525edcc796e2
BLAKE2b-256 24d29743ceaa79e4b85daab6399a5ba28e370771bd58ae8c95c7628e0c9b3363

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page