Hello Everyone,
I need help ingesting data from the FortiSOAR (Version: 7.6.2-5507) Threat Feed into the Threat Feed Downloader of QRadar using the Threat Intelligence App.
After configuring the FortiSOAR Threat Feed and creating sample datasets, I tried using that in the Threat Intelligence App/Threat Feed Downloader. I selected TAXII version 2.0 during configuration since QRadar supports TAXII 1.x or 2.0 as per the wizard. The setup wizard completed successfully, and I was able to select the desired dataset that we had configured in FortiSOAR. However, after completing the setup, polling the connector does not result in any signature/observable downloads. Additionally, the following errors are logged in the QRadar log file:
===================================
2025-06-27 16:25:03,286 [com.ibm.ThreatIntelligence] [taxii_ctxt.py:698] [INFO] - Retrieving observables from https://soar123:443/api/taxii/1/collections for collection 66156f6b-28ed-4d26-ba3d-5a44322486ef between 2025-06-27T10:29:26Z and 2025-06-27T10:55:03Z...
2025-06-27 16:25:05,610 [com.ibm.ThreatIntelligence] [taxii_ctxt.py:789] [ERROR] - Unable to retrieve STIX 2.0 observable(s) from https://soar123:443/api/taxii/1/collections; Unexpected Response. Got Content-Type: 'application/taxii+json;version=2.1' for Accept: 'application/vnd.oasis.taxii+json; version=2.0'
If you are trying to contact a TAXII 2.0 Server use 'from taxii2client.v20 import X'
If you are trying to contact a TAXII 2.1 Server use 'from taxii2client.v21 import X'
2025-06-27 16:25:05,610 [com.ibm.ThreatIntelligence] [poll.py:92] [INFO] - Updating QRadar with observables from collection 66156f6b-28ed-4d26-ba3d-5a44322486ef found in TAXII feed https://soar123:443/api/taxii/1/collections
===================================
Has anyone encountered this issue and discovered a workaround that can be applied on the FortiSOAR side, such as downgrading the TAXII version from 2.1 to 2.0?
Thanks,
-Rohan
Hi,
When you open the "Feed Dataset" on FortiSOAR, do you retrieve any data?
Regards
Hi, with a minor code modification in the QRadar TI app (ThreatIntelligenceApp.2.5.0.zip) for the FortiSOAR issue, QRadar (7.5.0 UpdatePackage 8) was able to ingest IOCs from FortiSOAR TIM.
The issue is that FortiSOAR sends data with a timestamp which has seconds and not microseconds as expected by QRadar. We are tracking this issue.
As per - https://docs.oasis-open.org/cti/taxii/v2.1/os/taxii-v2.1-os.html
The timestamp type defines how timestamps are represented in TAXII and is represented in serialization as a string.
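The two mismatches reported in this thread (the `version` parameter in the Accept/Content-Type pair from the log, and timestamps with whole seconds only) can be checked offline with a short script. This is an added example, not code from the QRadar app, FortiSOAR, or either poster; the function names are hypothetical, and it assumes timestamps are UTC strings ending in `Z`, as in the log lines above.

```python
import re
from datetime import datetime, timezone

# Media type plus optional "version" parameter, e.g. "application/taxii+json;version=2.1"
_MEDIA = re.compile(
    r"^\s*(?P<type>[^;\s]+)\s*(?:;\s*version\s*=\s*(?P<ver>[\d.]+))?\s*$"
)
# UTC timestamp with optional fractional seconds
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")


def media_version(header):
    """Return (media_type, version or None) from an Accept/Content-Type value."""
    m = _MEDIA.match(header)
    if not m:
        raise ValueError(f"unparseable media type: {header!r}")
    return m.group("type").lower(), m.group("ver")


def versions_match(accept, content_type):
    """True when client and server name the same TAXII version parameter."""
    return media_version(accept)[1] == media_version(content_type)[1]


def parse_taxii_timestamp(value):
    """Parse a timestamp whether or not it carries fractional seconds."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"not a UTC timestamp ending in Z: {value!r}")
    base, frac = m.groups()
    # Pad or truncate the fraction to exactly six digits (microseconds).
    micros = int((frac or "").ljust(6, "0")[:6])
    parsed = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(microsecond=micros, tzinfo=timezone.utc)


def to_microsecond_string(value):
    """Re-serialize with a fixed six-digit fraction for strict consumers."""
    return parse_taxii_timestamp(value).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


if __name__ == "__main__":
    # Header values copied from the error line in the log above.
    accept = "application/vnd.oasis.taxii+json; version=2.0"
    content_type = "application/taxii+json;version=2.1"
    print("versions match:", versions_match(accept, content_type))
    # Seconds-only timestamp in the form shown in the log.
    print(to_microsecond_string("2025-06-27T10:29:26Z"))
```

Running the same checks against a captured response from the feed shows which of the two conditions a given collection triggers before any change is made on the consuming side.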