IBM QRadar

Hi,

I've been pointed to QRadar Community Edition to trial before we purchase the non community edition.
At the moment I'm struggling to get this set up properly to test it.

I'm trying to add an O365 connection, I've tried using both certificates and client secrets but both fail.

Using client secrets I get the error Failed to obtained Azure AD Access Token with supplied credentials :: null

If I use the below in CLI on the server it returns a token so the credentials are working fine

curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token \
  -d "grant_type=client_credentials" \
  -d "client_id=<CLIENT-ID>" \
  -d "client_secret=<CLIENT-SECRET>" \
  -d "resource=https://manage.office.com"

Where am I going wrong? As far as I can tell everything is up to date, we are running 7.5.0 UpdatePackage 12 (Build 20250509154206)

------------------------------
Matt T
------------------------------

This question looks similar to a reddit thread I responded to here: https://www.reddit.com/r/QRadar/comments/1lf6rfk/adding_log_source_o365_error/

Most likely issues:

1. Token issue (typo or space at end)
2. Time sync issue
3. Permission issue for user read event

I put the full details in the Reddit thread, with example commands on how to get your token and check event pulling from the CLI. There is also a follow-up response on how to run the commands if you have a corporate proxy in place. Check out the full details in the other thread or email me directly if you are stuck and need help due to this being QRadar Community Edition (see signature for contact info). 

------------------------------
Jonathan Pechta
IBM Security - Community of Practice Lead
jonathan.pechta1@ibm.com
------------------------------

Original Message:
Sent: Thu June 19, 2025 05:37 AM
From: Matt T
Subject: Error adding O365

Hi,

I've been pointed to QRadar Community Edition to trial before we purchase the non community edition.
At the moment I'm struggling to get this set up properly to test it.

I'm trying to add an O365 connection, I've tried using both certificates and client secrets but both fail.

Using client secrets I get the error Failed to obtained Azure AD Access Token with supplied credentials :: null

If I use the below in CLI on the server it returns a token so the credentials are working fine

curl -X POST https://login.microsoftonline.com/<TENANT-ID>/oauth2/token \
  -d "grant_type=client_credentials" \
  -d "client_id=<CLIENT-ID>" \
  -d "client_secret=<CLIENT-SECRET>" \
  -d "resource=https://manage.office.com"

Where am I going wrong? As far as I can tell everything is up to date, we are running 7.5.0 UpdatePackage 12 (Build 20250509154206)

------------------------------
Matt T
------------------------------