FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mshubham
Staff
Article Id 424247
Description This article describes how to troubleshoot the Oracle Cloud Infrastructure (OCI) integration in FortiSIEM when Test Connectivity fails with the error 'Failed to download file from app server'.
Scope FortiSIEM.
Solution

First, from the Supervisor or Collector used for discovery, validate outbound connectivity to the OCI endpoints.

Run the following commands:

 

curl -sv https://audit.ap-mumbai-1.oraclecloud.com 
curl -sv https://cell-1.streaming.ap-mumbai-1.oci.oraclecloud.com 
curl -sv https://objectstorage.ap-mumbai-1.oci.oraclecloud.com 

 

A successful TLS handshake and an HTTP response confirm network connectivity.

 

In the FortiSIEM GUI, go to Admin -> Setup -> Access Methods.

 

Access Method Definition example:

 

[Screenshot: Access Method Definition]

 

Now check the connectivity from the backend: connect via SSH to the Collector used for discovery and navigate to the following directory:

 

cd /opt/phoenix/bin/

 

Test format (for reference):

 

#OracleOCIAuditAgent(messageEndpoint,streamOcid,privateKeyFile,configFile,group,instance,testFlag,logsHeader,runningTime)

 

For example:

 

# ./OracleOCIAgent.py https://cell-1.streaming.us-test-1.oci.oraclecloud.com ocid1.stream.oc1.iad.am..123 /home/phoenix/.oci/ocm.pem /home/phoenix/.oci/config Oracle_Cloud FSM_Collector_01 true OCI_AUDIT_LOG 6

 

testFlag=true validates connectivity without ingesting live data. If there is no error, set the flag to false for a live connection.

 

# ./OracleOCIAgent.py https://cell-1.streaming.us-test-1.oci.oraclecloud.com ocid1.stream.oc1.iad.am..123 /home/phoenix/.oci/ocm.pem /home/phoenix/.oci/config Oracle_Cloud FSM_Collector_01 false OCI_AUDIT_LOG 6

If everything has proceeded as expected, the following results will be shown:

 
HAS_NEW_EVENTS

 

If all backend tests succeed but the GUI test still fails, the most likely cause is the name of the Private Key (.pem) file. The PEM file referenced in the Access Method definition should not have any special characters in its name.

 

For example: both oce-test@123.pem and oracle_Integartion.pem will fail.

 

Ensure that the PEM file mentioned does not have any special characters like '-'.

 

The FortiSIEM GUI fails to process file names with special characters during test validation.

After the file name is fixed, the integration test in the GUI succeeds.
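
The file name check described above can be run on the Collector before retrying the GUI test. This is an added example, not Fortinet code: the function names are hypothetical, the "letters and digits only" rule is an assumption drawn from the failing names in this article, and the permission check is an extra hardening step the article does not mention.

```shell
#!/bin/sh
# Added example, not Fortinet code. Assumption: a safe key file name is ASCII
# letters and digits plus ".pem" (the article's failing names contain - @ _).

# Print the distinct characters of the file name that fall outside that set.
pem_bad_chars() {
    stem=$(basename -- "$1" .pem)
    printf '%s' "$stem" | LC_ALL=C tr -d 'A-Za-z0-9' | fold -w1 |
        LC_ALL=C sort -u | tr -d '\n'
}

# Print a replacement name with every flagged character dropped.
pem_safe_name() {
    stem=$(basename -- "$1" .pem)
    printf '%s.pem\n' "$(printf '%s' "$stem" | LC_ALL=C tr -cd 'A-Za-z0-9')"
}

# Status: 0 ok, 1 special characters, 2 missing/unreadable, 3 group/other access.
check_oci_pem() {
    bad=$(pem_bad_chars "$1")
    if [ -n "$bad" ]; then
        echo "FAIL: $(basename -- "$1") contains '$bad'; try $(pem_safe_name "$1")"
        return 1
    fi
    [ -r "$1" ] || { echo "FAIL: $1 is missing or unreadable"; return 2; }
    # Hardening check added here (not from the article): owner-only key file.
    if [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]; then
        echo "WARN: $1 is accessible to group/other; consider chmod 600"
        return 3
    fi
    echo "OK: $1"
}

# Constructed names: the two failing ones from the article, and ocm.pem.
for f in oce-test@123.pem oracle_Integartion.pem ocm.pem; do
    printf '%-24s flagged=[%s] suggested=%s\n' \
        "$f" "$(pem_bad_chars "$f")" "$(pem_safe_name "$f")"
done
```

If the key file is renamed, update the path in the Access Method definition, and the key_file entry in the OCI config file if it points at the old name.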
