Skip to main content

FortiSIEM

Details
Content
Dependencies
Version History

Download With Dependencies

Search and update events of FortiSIEM and manage resource lists.

FortiSIEM

Use FortiSIEM v2 to fetch and update incidents, search events and manage watchlists of FortiSIEM.

FortiSIEM

Use FortiSIEM v2 to fetch and update incidents, search events and manage watchlists of FortiSIEM.

Classifiers

Name	Description
FortiSIEM v2

Incident Fields

Name	Description
FortiSIEM Incident Report Device Name
FortiSIEM Destination User
FortiSIEM Events
FortiSIEM Attack Tactics
FortiSIEM Event Type
FortiSIEM Incident Severity
FortiSIEM Incident Reporter IP
FortiSIEM Status
FortiSIEM Incident Last Seen
FortiSIEM Events Count
FortiSIEM Resolution Status
FortiSIEM Incident ID
FortiSIEM Incident First Seen

Incident Types

Name	Description
FortiSIEM

Integrations

Name	Description
FortiSIEM	Search and update events of FortiSIEM and manage resource lists.
FortiSIEM v2	Use FortiSIEM v2 to fetch and update incidents, search events and manage watchlists of FortiSIEM.

Layouts

Name	Description
FortiSIEM incident Layout

Playbooks

Name	Description
GenericPolling-FortiSIEM	This playbook executes a search query to retrieve FortiSIEM Events.

Classifiers

Name	Description
FortiSIEM v2

Incident Fields

Name	Description
FortiSIEM Events
FortiSIEM Resolution Status
FortiSIEM Destination User
FortiSIEM Events Count
FortiSIEM Incident Last Seen
FortiSIEM Status
FortiSIEM Event Type
FortiSIEM Incident Severity
FortiSIEM Attack Tactics
FortiSIEM Incident Reporter IP
FortiSIEM Incident ID
FortiSIEM Incident Report Device Name
FortiSIEM Incident First Seen

Incident Types

Name	Description
FortiSIEM

Integrations

Name	Description
FortiSIEM v2	Use FortiSIEM v2 to fetch and update incidents, search events and manage watchlists of FortiSIEM.
FortiSIEM	Search and update events of FortiSIEM and manage resource lists.

Playbooks

Name	Description
GenericPolling-FortiSIEM	This playbook executes a search query to retrieve FortiSIEM Events.

Required Content Packs (3)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (6)

Pack Name	Pack By
Aggregated Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Base	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

2.0.45 - 7217627 (February 18, 2026)

Integrations

FortiSIEM v2

Improved fetch performance by fetching events for incidents concurrently (in parallel) instead of sequentially.
Added configuration sections to organize integration parameters into logical groups for improved usability.
Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43102

Download

2.0.44 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

2.0.43 - 4583601 (August 20, 2025)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

2.0.42 - 4096037 (July 8, 2025)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.41 - R3980324 (June 26, 2025)

Integrations

FortiSIEM

Metadata and documentation improvements.

FortiSIEM v2

Metadata and documentation improvements.

Related pull requests:
- 39143

Download

2.0.40 - R2988527 (March 26, 2025)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.11.11.1940698.

Related pull requests:
- 38013

Download

2.0.39 - R1741355 (December 3, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.38 - 1675652 (November 20, 2024)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.11.10.116439.

Related pull requests:
- 37271

Download

2.0.37 - R1340401 (September 3, 2024)

Integrations

FortiSIEM v2

Updated the integration documentation to clarify that the Fetch with Events fetch mode, as well as the fortisiem-event-search command, are supported only for FortiSiem version 6.6 and earlier due to changes affecting backward compatibility in subsequent versions of FortiSiem.

Related pull requests:
- 35917

Download

2.0.36 - 1259921 (August 11, 2024)

Integrations

FortiSIEM v2

Maintenance and stability enhancements.

Related pull requests:
- 35643

Download

2.0.35 - R1051712 (May 28, 2024)

Integrations

FortiSIEM v2

Fixed an issue where the fetch-incident command failed to parse the time field correctly.

Related pull requests:
- 34053

Download

2.0.34 - 938811 (April 7, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33675

Download

2.0.33 - 865088 (March 3, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.88772.

Related pull requests:
- 33184

Download

2.0.32 - 823153 (February 12, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32837

Download

2.0.31 - 798475 (February 1, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32519

Download

2.0.30 - 757686 (January 11, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32061

Download

2.0.29 - 7209615 (December 19, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31550

Download

2.0.28 - 7122577 (December 10, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.82980.

Related pull requests:
- 31371

Download

2.0.27 - 7066068 (December 4, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.82076.

Related pull requests:
- 31286

Download

2.0.26 - 7029664 (November 30, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.81631.

Related pull requests:
- 31214

Download

2.0.25 - 6965450 (November 22, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.80593.

Related pull requests:
- 31024

Download

2.0.24 - 6808171 (November 6, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30669

Download

2.0.23 - 6636841 (October 18, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.77674.

Related pull requests:
- 30234

Download

2.0.22 - 6592021 (October 13, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.75921.

Related pull requests:
- 30134

Download

2.0.21 - 6313394 (September 13, 2023)

Integrations

FortiSIEM v2

Fixed an issue where the fetch-incidents command failed when fetching an incident without a title.
Updated the Docker image to: demisto/python3:3.10.13.73190.

Related pull requests:
- 29458

Download

2.0.20 - 6234071 (September 4, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.13.72123.

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29430

Download

2.0.19 - 6122748 (August 22, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29133

Download

2.0.18 - 6080447 (August 17, 2023)

Integrations

FortiSIEM v2

Fixed an issue in the fetch-incidents command where an incident without events would cause the command to fail.
Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 28974

Download

2.0.17 - 6010750 (August 10, 2023)

Integrations

FortiSIEM v2

Fixed an issue in the fetch-incidents command where an empty incident attribute would cause the command to fail.
Updated the Docker image to: demisto/python3:3.10.12.68300.

Related pull requests:
- 28712

Download

2.0.16 - 5940472 (August 2, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.12.66339.

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28699

Download

2.0.15 - 5810923 (July 19, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28274

Download

2.0.14 - R5801668 (July 18, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27802

Download

2.0.13 - 5588925 (June 22, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27628

Download

2.0.12 - 5470583 (June 7, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27272

Download

2.0.11 - 5356324 (May 24, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 26963

Download

2.0.10 - 5226855 (May 9, 2023)

Integrations

FortiSIEM v2

Fixed a library incompatibility by downgrading the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26405

Download

2.0.9 - 5204212 (May 6, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26341

Download

2.0.8 - R5170573 (May 2, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25992

Download

2.0.7 - 4967142 (April 4, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.10.51930.

Related pull requests:
- 25718

Download

2.0.6 - R4954430 (April 2, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25363

Download

2.0.5 - R4718798 (March 1, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24702

Download

2.0.4 - R4618697 (February 15, 2023)

Layouts

FortiSIEM incident Layout
This item is no longer supported in XSIAM.

Related pull requests:
- 24221

Download

2.0.3 - 3635034 (September 10, 2022)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.6.33415.

Related pull requests:
- 20986

Download

2.0.2 - 2836953 (April 28, 2022)

Integrations

Google Sheets

Updated formatting of integration parameters.

2.0.1 - 2816986 (April 25, 2022)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python:2.7.18.27799.

2.0.0 - 2813273 (April 25, 2022)

Incident Fields

FortiSIEM Incident Last Seen
FortiSIEM Incident First Seen
FortiSIEM Event Type
FortiSIEM Incident ID
FortiSIEM Incident Reporter IP
FortiSIEM Events
FortiSIEM Incident Report Device Name
FortiSIEM Events Count
FortiSIEM Status
FortiSIEM Destination User
FortiSIEM Attack Tactics
FortiSIEM Resolution Status
FortiSIEM Incident Severity

Incident Types

FortiSIEM

Integrations

FortiSIEM

Updated formatting of integration parameters.

New: FortiSIEM v2

Use FortiSIEM v2 to fetch and update incidents, search events and manage watchlists of FortiSIEM. (Available from Cortex XSOAR 6.0.0).

Layouts

New: FortiSIEM incident Layout
(Available from Cortex XSOAR 6.0.0).

Mappers

New: FortiSIEM v2

(Available from Cortex XSOAR 6.0.0).

Playbooks

New: GenericPolling-FortiSIEM

(Available from Cortex XSOAR 6.0.0).

1.0.4 - R2146019 (December 21, 2021)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python:2.7.18.24398.

2.0.45 - 7217627 (February 18, 2026)

Integrations

FortiSIEM v2

Improved fetch performance by fetching events for incidents concurrently (in parallel) instead of sequentially.
Added configuration sections to organize integration parameters into logical groups for improved usability.
Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43102

Download

2.0.44 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

2.0.43 - 4583601 (August 20, 2025)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40710

Download

2.0.42 - 4096037 (July 8, 2025)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40498

Download

2.0.41 - R3980324 (June 26, 2025)

Integrations

FortiSIEM

Metadata and documentation improvements.

FortiSIEM v2

Metadata and documentation improvements.

Related pull requests:
- 39143

Download

2.0.40 - R2988527 (March 26, 2025)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.11.11.1940698.

Related pull requests:
- 38013

Download

2.0.39 - R1741355 (December 3, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37407
- 37402
- 37403
- 37405
- 37406
- 37404

Download

2.0.38 - 1675652 (November 20, 2024)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.11.10.116439.

Related pull requests:
- 37271

Download

2.0.37 - R1340401 (September 3, 2024)

Integrations

FortiSIEM v2

Updated the integration documentation to clarify that the Fetch with Events fetch mode, as well as the fortisiem-event-search command, are supported only for FortiSiem version 6.6 and earlier due to changes affecting backward compatibility in subsequent versions of FortiSiem.

Related pull requests:
- 35917

Download

2.0.36 - 1259921 (August 11, 2024)

Integrations

FortiSIEM v2

Maintenance and stability enhancements.

Related pull requests:
- 35643

Download

2.0.35 - R1051712 (May 28, 2024)

Integrations

FortiSIEM v2

Fixed an issue where the fetch-incident command failed to parse the time field correctly.

Related pull requests:
- 34053

Download

2.0.34 - 938811 (April 7, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.14.91134.

Related pull requests:
- 33675

Download

2.0.33 - 865088 (March 3, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.88772.

Related pull requests:
- 33184

Download

2.0.32 - 821588 (February 12, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.87159.

Related pull requests:
- 32837

Download

2.0.31 - 795978 (January 31, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.86272.

Related pull requests:
- 32519

Download

2.0.30 - 757686 (January 11, 2024)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32061

Download

2.0.29 - 7209615 (December 19, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31550

Download

2.0.28 - 7122577 (December 10, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.82980.

Related pull requests:
- 31371

Download

2.0.27 - 7066068 (December 4, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.82076.

Related pull requests:
- 31286

Download

2.0.26 - 7029664 (November 30, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.81631.

Related pull requests:
- 31214

Download

2.0.25 - 6965450 (November 22, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.80593.

Related pull requests:
- 31024

Download

2.0.24 - 6808171 (November 6, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.78960.

Related pull requests:
- 30669

Download

2.0.23 - 6636841 (October 18, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.77674.

Related pull requests:
- 30234

Download

2.0.22 - 6592021 (October 13, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.75921.

Related pull requests:
- 30134

Download

2.0.21 - 6313394 (September 13, 2023)

Integrations

FortiSIEM v2

Fixed an issue where the fetch-incidents command failed when fetching an incident without a title.
Updated the Docker image to: demisto/python3:3.10.13.73190.

Related pull requests:
- 29458

Download

2.0.20 - 6234071 (September 4, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.13.72123.

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29430

Download

2.0.19 - 6122748 (August 22, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 29133

Download

2.0.18 - 6080447 (August 17, 2023)

Integrations

FortiSIEM v2

Fixed an issue in the fetch-incidents command where an incident without events would cause the command to fail.
Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 28974

Download

2.0.17 - 6010750 (August 10, 2023)

Integrations

FortiSIEM v2

Fixed an issue in the fetch-incidents command where an empty incident attribute would cause the command to fail.
Updated the Docker image to: demisto/python3:3.10.12.68300.

Related pull requests:
- 28712

Download

2.0.16 - 5940472 (August 2, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.12.66339.

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28699

Download

2.0.15 - 5810923 (July 19, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.12.65389.

Related pull requests:
- 28274

Download

2.0.14 - 5649943 (June 29, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27802

Download

2.0.13 - 5588925 (June 22, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27628

Download

2.0.12 - 5470583 (June 7, 2023)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27272

Download

2.0.11 - 5356324 (May 24, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 26963

Download

2.0.10 - 5226855 (May 9, 2023)

Integrations

FortiSIEM v2

Fixed a library incompatibility by downgrading the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 26405

Download

2.0.9 - 5204212 (May 6, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.11.57293.

Related pull requests:
- 26341

Download

2.0.8 - R5170573 (May 2, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.11.54132.

Related pull requests:
- 25992

Download

2.0.7 - 4967142 (April 4, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.10.51930.

Related pull requests:
- 25718

Download

2.0.6 - R4954430 (April 2, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.10.49934.

Related pull requests:
- 25363

Download

2.0.5 - R4718798 (March 1, 2023)

Integrations

FortiSIEM v2

Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24702

Download

2.0.4 - R4628232 (February 16, 2023)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 24221

Download

2.0.3 - 3635034 (September 10, 2022)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python3:3.10.6.33415.

Related pull requests:
- 20986

Download

2.0.2 - 2836953 (April 28, 2022)

Integrations

Google Sheets

Updated formatting of integration parameters.

2.0.1 - 2816986 (April 25, 2022)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python:2.7.18.27799.

2.0.0 - 2813273 (April 25, 2022)

Incident Fields

FortiSIEM Incident Last Seen
FortiSIEM Incident First Seen
FortiSIEM Event Type
FortiSIEM Incident ID
FortiSIEM Incident Reporter IP
FortiSIEM Events
FortiSIEM Incident Report Device Name
FortiSIEM Events Count
FortiSIEM Status
FortiSIEM Destination User
FortiSIEM Attack Tactics
FortiSIEM Resolution Status
FortiSIEM Incident Severity

Incident Types

FortiSIEM

Integrations

FortiSIEM

Updated formatting of integration parameters.

New: FortiSIEM v2

Use FortiSIEM v2 to fetch and update incidents, search events and manage watchlists of FortiSIEM. (Available from Cortex XSOAR 6.0.0).

Layouts

New: FortiSIEM incident Layout
(Available from Cortex XSOAR 6.0.0).

Mappers

New: FortiSIEM v2

(Available from Cortex XSOAR 6.0.0).

Playbooks

New: GenericPolling-FortiSIEM

(Available from Cortex XSOAR 6.0.0).

1.0.4 - R2146019 (December 21, 2021)

Integrations

FortiSIEM

Updated the Docker image to: demisto/python:2.7.18.24398.

PUBLISHER

Cortex

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	February 18, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

FortiSIEM

FortiSIEM v2

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.