Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

KevinCanalichio
New Contributor II

Fortisiem - Azure Government Cloud

Has anyone had a luck connecting the SEIM to the azure government cloud at azure.us  All the fortisiem APIs appears to go to azure.com and I get the following error

Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: a5167bd1-ce86-45ab-a7d6-f1db1a16f600\r\nCorrelation ID: 3c191a9b-f2ef-4573-9c73-dbef821e55fd\r\nTimestamp: 2021-03-02 16:52:49Z","error_codes":[900382],"timestamp":"2021-03-02 16:52:4

Which would seem to show that my credentials are not in the azure.com domain. And there doesn't appear to be able redirection to the azure.us domain.

I have hacked the database to replace azure.com with azure.us, portal.azure.us, and various other urls but that didn't work either in the below documents



https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-sovereign-domain
https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidance-for-developers


Any help would be appriciated
5 REPLIES 5
FSM_FTNT
Staff
Staff

Hi Kevin,

I'm aware of an issue with this GCC integration and working to address it.

Will revert back ASAP.

Thanks

Dan

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
KenMick
Staff
Staff

Hi Kevin,

I would urge you to contact FortiSIEM Support for more information on this.  I am not 100% sure, but I suspect that this isn't supported at the moment.  Once Support becomes aware of this, they can file a feature request on your behalf.

Thanks!
[FirstName]
[JobTitle]
KevinCanalichio

I opened this ticket with them over 3 week ago. And have gotten nowhere so I figured I'd reach out the the community
RobertEvans

Hi Kevin,

Which integration did you try to configure? The office365 Management API has been fixed for this issue in v6.2 of FortiSIEM, allowing the .com and .us endpoints for Azure GCC and Azure GCC High.

Azure GCC Login: login.microsoftonline.com
Azure GCC API: manage-gcc.office.com

Azure GCC High Login: login.microsoftonline.us
Azure GCC High API: manage.office365.us

If you are using another Azure integration type other than Office 365 let me know which one that is. 

Thanks,
KevinCanalichio

Using the Compute and EventHub