Office 365 FortiSIEM

gwaihir · ‎05-21-2024

Hi Fortinet Community, greetings.

I'm trying to integrate my office 365 tenant with FortiSIEM 7.1.5, I'm following this guide:

https://docs.fortinet.com/document/fortisiem/7.1.5/external-systems-configuration-guide/514932/micro...

And also turning on Microsoft 365 Audit following this guide:

https://learn.microsoft.com/en-us/purview/audit-log-enable-disable?tabs=microsoft-purview-portal

When testing connection without ping, the popup windows always show this and there are no pull events entry.

The FortiSIEM has fqdn with ssl certs, and works well with other integrations like cloud endpoints console, syslog, agent.

What could be the reason for this issue? there are a way to see logs of this office365 integration?

Thank you!

Jean-Philippe_P · ‎05-24-2024

Hello gwaihir,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team

gwaihir · ‎05-24-2024

Thank you @Jean-Philippe_P for your reply.

I changed this line on phoenix_config.txt (there was the private IP)

parser_server_upload_host=my_fqdn
svn_server_upload_host=my_fqdn

Then I reregistered the collector again and it's works fine. But I don't know if this was the solution, before that there was no entry on pull events, just after the change.

That was the only change I did but have my doubts.

Thank you!