Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSOAR Discussions
- Fortinet Community
- Community Groups
- FortiSOAR
- Discussions
- Re: FortiSOAR Connector "Fortinet FortiSIEM v5.4.2...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiSOAR Connector "Fortinet FortiSIEM v5.4.2" – "Get Associated Events" Fails for FortiSIEM v7.4.0
Hi everyone,
I'm facing an issue with the FortiSOAR connector Fortinet FortiSIEM v5.4.2 when trying to fetch associated events from FortiSIEM version 7.4.0.
The "Get Associated Events" action fails with the following error:
Error message:
Error: 400 - {"data":[],"result":{"code":255,"description":"Invalid Query Id"}}
Connector: fortinet-fortisiemV5.4.2
Call to URL: https://localhost:9595/integration/execute/ failed with status code 400
Status: failed
The same playbook works fine with FortiSIEM version 7.3.2.
It appears the issue is related to how the connector handles the Query ID returned from the endpoint:
/phoenix/rest/pub/incident/triggeringEvents/start
This endpoint is used in the get_associated_events_new function of the FortiSIEM connector v5.4.2.
Has anyone else encountered this issue or found a workaround for FortiSIEM v7.4.0?
Thanks in advance!
arif
arif
Labels:
- Labels:
-
FortiSIEM v7.4.x
-
FortiSOAR v7.6
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @beingarif ,
Few internal code modification can fix this issue and this would be enhanced in upcoming releases.
Could you open a ticket under registered FortiSOAR product and I will inform engineer to update you. Do post this thread in ticket description.
Regards,
Prem Chander R
Prem Chander R
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
However do note issue could be from FortiSIEM end as well .
Regards,
Prem Chander R
Prem Chander R
Labels
-
FortiSOAR
73 -
Connector
8 -
FortiSOAR v7.x
6 -
FortiSOAR v7.6
6 -
SOAR
5 -
playbooks
3 -
Jinja
3 -
Schedule
2 -
FortiSOAR 7.4.0
2 -
FortiSOAR 7.5
2 -
Threat Intel Management
2 -
FortiSIEM
2 -
RegionalSOC
1 -
enrichement
1 -
Splunk_ingestion
1 -
FortiSIEM v7.4.x
1 -
ution
1 -
crowdstrike
1 -
CMDB
1 -
Update Record Correlations
1 -
Data Ingestion
1 -
Queued Workflow
1 -
poonvert
1 -
HybridAnalysis
1 -
alert
1 -
Forcepoint
1 -
secret management
1 -
queue and shift management
1 -
templates
1 -
related modules
1 -
Artificial intelligence
1 -
fields
1 -
FortiSOAR Awards
1 -
Microsoft Exchange Connector
1 -
Staging
1 -
External Postgresql DB
1 -
Content-Hub
1 -
splunk
1 -
Vault
1 -
secrets
1 -
FortiSOAR v7.2.x
1 -
FortiAnalyzer
1 -
FortiGuard
1 -
FortiWeb
1 -
FortiEDR
1 -
upgrade
1 -
Machine Learning
1 -
performance
1 -
API
1 -
Azure
1 -
Admin Access
1 -
License
1 -
Arrow
1 -
Time
1 -
Trial
1 -
Query
1 -
FortiSOAR v7.4.x
1 -
FortiSOAR 7.3.x
1 -
Upgrading FortiSOAR
1 -
Playbook
1 -
People
1 -
TAXII
1 -
SOC
1 -
secops
1 -
FortiSASE
1 -
C
1 -
Asset
1 -
Threat feed
1 -
indicators
1 -
FortiGate
1 -
loops
1 -
ClickHouse
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.