Hi, need to update the cert files on the machine you selected on the Log Source config.
On the Office 365 you should have something like this. That is the name of the machine that will run the polling to grab the logs from Office 365, and that machine will need the certs.
There's a tool on QRadar called getcert.sh that will do the magic.
So you will need to go to the box (the machine identified before) and run something like this:
[root@qradar trusted_certificates]# cd /opt/qradar/conf/trusted_certificates/
[root@qradar trusted_certificates]# /opt/qradar/bin/getcert.sh manage.office.com
Pulling Certificate from [https://manage.office.com:443]
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = manage.office.com
verify return:1
DONE
Wrote file [/opt/qradar/conf/trusted_certificates/manage.office.com_443.crt]
[root@qradar trusted_certificates]# /opt/qradar/bin/getcert.sh login.windows.net
Pulling Certificate from [https://login.windows.net:443]
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = graph.windows.net
verify return:1
DONE
Wrote file [/opt/qradar/conf/trusted_certificates/login.windows.net_443.crt]
[root@qradar trusted_certificates]# ls -ltr |tail -2
-rw-r--r-- 1 root root 2480 May 5 15:17 manage.office.com_443.crt
-rw-r--r-- 1 root root 6034 May 5 15:17 login.windows.net_443.crt
Hope that works for you
------------------------------
Juan Paulo
IBM
Santiago
------------------------------
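An added example, not part of the original post and not IBM's code: getcert.sh writes the certificate it pulled from the endpoint into the trusted directory, so this Python script parses the transcript shown above and lists what to check before relying on the written file. The expected root organisation is an assumption taken from the output in the post, and the function names are illustrative.

```python
import re

# Second getcert.sh run from the post above, copied verbatim.
TRANSCRIPT = """\
Pulling Certificate from [https://login.windows.net:443]
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = graph.windows.net
verify return:1
DONE
Wrote file [/opt/qradar/conf/trusted_certificates/login.windows.net_443.crt]
"""
EXPECTED_ROOT_ORGS = {"DigiCert Inc"}  # assumption: root org seen in the post's output

def parse_dn(dn):
    """Turn 'C = US, O = X, CN = Y' into {'C': 'US', 'O': 'X', 'CN': 'Y'}."""
    return dict(re.findall(r"(\w+) = (.*?)(?=, \w+ = |$)", dn.strip()))

def parse_runs(text):
    """Group transcript lines into one record per 'Pulling Certificate' run."""
    runs = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Pulling Certificate from \[https://([^:\]]+):(\d+)\]", line):
            runs.append({"host": m[1], "port": int(m[2]), "chain": {}, "file": None})
        elif not runs:
            continue  # shell prompts or noise before the first run
        elif m := re.match(r"depth=(\d+) (.+)", line):
            runs[-1]["chain"][int(m[1])] = parse_dn(m[2])
        elif m := re.match(r"Wrote file \[(.+)\]", line):
            runs[-1]["file"] = m[1]
    return runs

def review(run, expected_root_orgs=EXPECTED_ROOT_ORGS):
    """Return findings to resolve before relying on the written file."""
    findings, chain = [], run["chain"]
    if not chain or run["file"] is None:
        return ["no certificate chain or output file recorded"]
    leaf, root = chain[min(chain)], chain[max(chain)]  # depth 0 is the server cert
    if leaf.get("CN") != run["host"]:
        findings.append(f"leaf CN {leaf.get('CN')!r} differs from {run['host']!r}: check the SAN list")
    if root.get("O") not in expected_root_orgs:
        findings.append(f"unexpected root {root.get('O')!r}: possible TLS-inspecting proxy")
    return findings

if __name__ == "__main__":
    for run in parse_runs(TRANSCRIPT):
        print(run["host"], "->", run["file"], review(run) or "no findings")
```

For the login.windows.net run in the post this reports the CN difference (graph.windows.net), which is a prompt to confirm the requested host is in the certificate's SAN list rather than an error in itself.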
Original Message:
Sent: Wed May 04, 2022 02:31 AM
From: Akash Bhardwaj
Subject: Error - Testing SSL connection to manage.office.com:443
Do I need to update these files in QRadar?
------------------------------
Akash Bhardwaj
Original Message:
Sent: Tue May 03, 2022 03:06 AM
From: Vladx(x)
Subject: Error - Testing SSL connection to manage.office.com:443
As far as I remember we had to add related certs to /opt/qradar/conf/trusted_certificates in DER format
login.windows.net_443.DER
manage.office.com_443.DER
------------------------------
Vladx(x)
Original Message:
Sent: Mon May 02, 2022 03:42 AM
From: Akash Bhardwaj
Subject: Error - Testing SSL connection to manage.office.com:443
Getting an error while adding O365 as a log source. The connection is failing -
Error: Unable to connect to host [manage.office.com] on port [443]: java.net.SocketException: Connection reset
------------------------------
Akash Bhardwaj
------------------------------