Getting Started

Install

pip install pyfsr

Optional extras:

pip install "pyfsr[mcp]"    # bundled Model Context Protocol server
pip install "pyfsr[dev]"    # linters + test + docs + mcp extras

Connect

Create a FortiSOAR client with either an API token or a (username, password) tuple:

from pyfsr import FortiSOAR

# API token (recommended)
client = FortiSOAR("soar.example.com", "your-api-token")

# Username / password
client = FortiSOAR("soar.example.com", ("admin", "password"))

For self-signed appliances you can disable certificate verification (and silence the resulting warnings):

client = FortiSOAR(
    "soar.example.com",
    "your-api-token",
    verify_ssl=False,
    suppress_insecure_warnings=True,
)

See Authentication for environment-based config.

First calls

# Typed, module-specific API
alerts = client.alerts.list()
alert = client.alerts.get("alert-uuid")

# Generic CRUD against any module
incidents = client.records("incidents")
incident = incidents.get("incident-uuid")

# Raw REST escape hatch
data = client.get("/api/3/alerts")

Creating records & picklists

Picklist fields (severity, status, …) are stored as IRIs, not friendly strings — but pyfsr resolves friendly values for you automatically, so you can just pass "High":

alert = client.alerts.create(
    name="Test Alert",
    description="This is a test alert",
    severity="High",        # resolved to its IRI automatically
)

# Same on the generic record path:
client.records("incidents").create({"name": "Breach", "severity": "Critical"})

Note

Resolution is on by default. Pass resolve_picklists=False to skip it (and the metadata lookup it needs) when every value is already an IRI.

Next steps

• Working with Records — generic CRUD and typed models

• Querying — the fluent Query DSL

• AI & Agents — drive FortiSOAR from an LLM