FortiSOAR Discussions
adem_netsys
Contributor

FortiSIEM to SOAR

Hi guys,

I am trying to integrate FortiSIEM with SOAR. I have a multitenant structure in SIEM and logs come here. When I enter the name in the organisation tenant structure in the SOAR integration, I get an error in the health check section, but when I enter Super, I do not encounter a problem, but this time I cannot pull it to SOAR because there is no log in the Super section.

rvishwakarma
Staff

Hi, 

Are you able to log in to the FortiSIEM UI using the same creds and organisation?

Ensure the user that you are trying to authenticate belongs to that organisation.

Screenshot 2024-02-07 at 8.44.17 AM.png

adem_netsys

Hi @rvishwakarma 

Yes, I can see it and I can log in with it. I get confirmation with this credential information on SOAR, but when I trigger it, it gives an error in the playbook.

rvishwakarma

Can you please share the logs and a screenshot of the error you are encountering?
We also need details such as the FortiSOAR version, FortiSIEM connector version, and FortiSIEM setup version.

adem_netsys

I have SOAR version 7.4.0 and connector version 7.0.2.

Ekran görüntüsü 2024-02-07 232623.png

rvishwakarma

1. Please check the mapping for the Tenant in the Create Record step:

Screenshot 2024-02-08 at 3.57.20 PM.png

 

2. Check the { FortiSIEM Organisation : FortiSOAR Tenant } mapping on the Data Ingestion configuration page.

Screenshot 2024-02-08 at 4.02.16 PM.png

 

3. Also, any modification in the Alerts Module may have caused this issue.


For deeper troubleshooting, we'll need logs from various services. Feel free to raise a ticket with our TAC/Support team for assistance.

adem_netsys

Hi @rvishwakarma 

Sorry for the late reply, I could not see your answer. I've checked my configuration. I'm not sure if I should change the name of the organisation here.

Ekran görüntüsü 2024-02-13 110114.png

Ekran görüntüsü 2024-02-13 110212.png

 

rvishwakarma

Hi @adem_netsys,
I recommend raising a TAC ticket with our support team.
After reviewing the error message, it seems to have originated from the platform level. That would require getting hold of your environment and gathering various logs.

Contact FortiCare Technical Support