Hi everyone,

I'm facing an issue with the FortiSOAR connector Fortinet FortiSIEM v5.4.2 when trying to fetch associated events from FortiSIEM version 7.4.0.

The "Get Associated Events" action fails with the following error:

Error message:
Error: 400 - {"data":[],"result":{"code":255,"description":"Invalid Query Id"}}
Connector: fortinet-fortisiemV5.4.2
Call to URL: https://localhost:9595/integration/execute/ failed with status code 400
Status: failed

The same playbook works fine with FortiSIEM version 7.3.2.

It appears the issue is related to how the connector handles the Query ID returned from the endpoint:
/phoenix/rest/pub/incident/triggeringEvents/start

This endpoint is used in the get_associated_events_new function of the FortiSIEM connector v5.4.2.

Has anyone else encountered this issue or found a workaround for FortiSIEM v7.4.0?

Thanks in advance!