Technical Tip: Handling Rate Limit Errors with FortiSOAR FortiSIEM Connector

sramanujam · ‎09-02-2024

Description	This article provides the solution to resolve the error message '{status code: 429, error: b'This source IP has reached the max limit of 10 concurrent queries, try again when the other queries have finished}' encountered when using the Fortinet FortiSIEM connector.
Scope	FortiSOAR v6.x, v7.x.
Solution	The restriction is on the FortiSIEM side rather than the FortiSOAR platform. Use the below steps to increase the API limit on FortiSIEM. Step 1: Log in to the FortiSIEM Supervisor via SSH or directly on the console. Navigate to the configuration directory where the phoenix_config.txt file is located. # cd /opt/phoenix/config/ Step 2: Open phoenix_config.txt using a text editor such as vi or nano. Locate or add the following configuration settings: # sudo vi phoenix_config.txt ... ... global_max_concurrent_public_api_requests=50 per_ip_max_concurrent_public_api_requests=10 ... ... Step 3: Increase the limits by modifying the values of global_max_concurrent_public_api_requests and per_ip_max_concurrent_public_api_requests according to the requirements. Step 4: Save the changes, exit the editor, and restart the relevant FortiSIEM services for the updated configuration to take effect.

You are leaving our website