SIEM & UEBA

Fortisiem - Azure Government Cloud

  • 1.  Fortisiem - Azure Government Cloud

    Posted Mar 26, 2021 08:18 AM
    Has anyone had any luck connecting the SIEM to the Azure Government cloud at azure.us? All the FortiSIEM APIs appear to go to azure.com and I get the following error:

    Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: a5167bd1-ce86-45ab-a7d6-f1db1a16f600\r\nCorrelation ID: 3c191a9b-f2ef-4573-9c73-dbef821e55fd\r\nTimestamp: 2021-03-02 16:52:49Z","error_codes":[900382],"timestamp":"2021-03-02 16:52:4

    Which would seem to show that my credentials are not in the azure.com domain. And there doesn't appear to be any redirection to the azure.us domain.

    I have hacked the database to replace azure.com with azure.us, portal.azure.us, and various other URLs in the documents below, but that didn't work either.



    https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-sovereign-domain
    https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidance-for-developers


    Any help would be appreciated.


  • 2.  RE: Fortisiem - Azure Government Cloud

    GROUP ADMIN
    Posted Mar 26, 2021 08:30 AM
    Hi Kevin,

    I'm aware of an issue with this GCC integration and working to address it.

    Will revert back ASAP.

    Thanks

    Dan

    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------



  • 3.  RE: Fortisiem - Azure Government Cloud

    Posted Mar 26, 2021 09:15 AM
    Hi Kevin,

    I would urge you to contact FortiSIEM Support for more information on this.  I am not 100% sure, but I suspect that this isn't supported at the moment.  Once Support becomes aware of this, they can file a feature request on your behalf.

    Thanks!


  • 4.  RE: Fortisiem - Azure Government Cloud

    Posted Mar 26, 2021 09:30 AM
    I opened this ticket with them over 3 weeks ago and have gotten nowhere, so I figured I'd reach out to the community.


  • 5.  RE: Fortisiem - Azure Government Cloud

    Posted Mar 26, 2021 10:59 AM
    Hi Kevin,

    Which integration did you try to configure? The Office 365 Management API has been fixed for this issue in v6.2 of FortiSIEM, allowing the .com and .us endpoints for Azure GCC and Azure GCC High.

    Azure GCC Login: login.microsoftonline.com
    Azure GCC API: manage-gcc.office.com

    Azure GCC High Login: login.microsoftonline.us
    Azure GCC High API: manage.office365.us

    If you are using an Azure integration type other than Office 365, let me know which one that is.

    Thanks,
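
A pre-flight check built from the login/API pairs listed in the reply above, as an added example that is not part of the thread or of FortiSIEM's code. The function names are hypothetical, and the sample error body is constructed from the message text and error code quoted in the first post.

```python
import json
from urllib.parse import urlsplit

# Login/API host pairs exactly as listed in the reply above
# (Office 365 Management API integration).
CLOUDS = {
    "Azure GCC": ("login.microsoftonline.com", "manage-gcc.office.com"),
    "Azure GCC High": ("login.microsoftonline.us", "manage.office365.us"),
}
CROSS_CLOUD_ERROR = 900382  # error code shown in the first post's error message

# Constructed sample body; only the description and code come from the thread.
SAMPLE_ERROR = json.dumps({
    "error_description": "Confidential Client is not supported in Cross Cloud request.",
    "error_codes": [900382],
})


def host_of(value):
    """Return the lowercase host of a URL or bare hostname."""
    value = value.strip()
    parts = urlsplit(value if "//" in value else "//" + value)
    return (parts.hostname or "").rstrip(".")


def check_pair(login, api):
    """Return (cloud, problem); problem is None when both hosts fit one cloud."""
    login_host, api_host = host_of(login), host_of(api)
    for cloud, (want_login, want_api) in CLOUDS.items():
        if api_host == want_api:
            if login_host == want_login:
                return cloud, None
            return cloud, f"{cloud} API needs login host {want_login}, got {login_host}"
    return None, f"API host {api_host} is not one of the listed endpoints"


def is_cross_cloud_error(body):
    """True when a JSON error body carries the cross-cloud error code."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return False
    codes = doc.get("error_codes") if isinstance(doc, dict) else None
    return isinstance(codes, list) and CROSS_CLOUD_ERROR in codes
```
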


  • 6.  RE: Fortisiem - Azure Government Cloud

    Posted Mar 26, 2021 11:19 AM
    Using the Compute and EventHub