IBM Security MaaS360

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------

Have the admin account conditions changed recently? I set a new password, but I'm still getting an error "ERROR - Unable to login to IBM Fiberlink REST API!".

Can you tell me what to check?

------------------------------
Martin Hansgut
------------------------------

Original Message:
Sent: Tue March 17, 2020 01:30 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------

Hi Martin,

Can you reach out to me via email and I'll help you debug - I'll need to look up your account data - mshaver@us.ibm.com

------------------------------
Matt Shaver
System Architect
IBM
mshaver@us.ibm.com
------------------------------

Original Message:
Sent: Mon March 23, 2020 12:10 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

Have the admin account conditions changed recently? I set a new password, but I'm still getting an error "ERROR - Unable to login to IBM Fiberlink REST API!".

Can you tell me what to check?

------------------------------
Martin Hansgut

Original Message:
Sent: Tue March 17, 2020 01:30 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------

Hello Martin, I am facing the same error if you can help me regarding that.

------------------------------
Raheel Asim
------------------------------

Original Message:
Sent: Mon March 23, 2020 12:10 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

Have the admin account conditions changed recently? I set a new password, but I'm still getting an error "ERROR - Unable to login to IBM Fiberlink REST API!".

Can you tell me what to check?

------------------------------
Martin Hansgut

Original Message:
Sent: Tue March 17, 2020 01:30 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------

Hello Raheel,
the account type must be "script only" to prevent password expiration. Furthermore, the MaaS360 certificate which is in QRadar must be in DER format and must not be expired.

------------------------------
Martin Hansgut
------------------------------

Original Message:
Sent: Mon June 21, 2021 04:30 AM
From: Raheel Asim
Subject: Account for connecting MaaS360 as a logsource to QRadar.

Hello Martin, I am facing the same error if you can help me regarding that.

------------------------------
Raheel Asim

Original Message:
Sent: Mon March 23, 2020 12:10 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

Have the admin account conditions changed recently? I set a new password, but I'm still getting an error "ERROR - Unable to login to IBM Fiberlink REST API!".

Can you tell me what to check?

------------------------------
Martin Hansgut

Original Message:
Sent: Tue March 17, 2020 01:30 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------

Once again, I got to the state where LogSource MaaS360 gives me the error "Error - Unable to login to IBM Fiberlink REST API!"

Uploading a new certificate helped last time, but this time I'm not doing well or I'm making a mistake somewhere.

I proceeded as follows:

• I downloaded the certificate from the URL https://services.m2.maas360.com
• Apparently the certificate is in DER format, but the file has a .cer extension, so I renamed it to .der.
• I copied the certificate file to the directory /opt/qradar/conf/trusted_certificates
• I didn't take any further steps.

Did I forget something?

------------------------------
Martin Hansgut


Original Message:
Sent: Tue March 17, 2020 01:30 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------

After the account has been created, you need to contact Maas360 support and request that they convert it to a service account. That way the password doesn't expire.

------------------------------
Enrique Ruiz
Mobile Platform Engineer
The Church of Jesus Christ of Latter Day Saints
8012407034
------------------------------

Original Message:
Sent: Fri August 12, 2022 07:22 AM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

Once again, I got to the state where LogSource MaaS360 gives me the error "Error - Unable to login to IBM Fiberlink REST API!"

Uploading a new certificate helped last time, but this time I'm not doing well or I'm making a mistake somewhere.

I proceeded as follows:

• I downloaded the certificate from the URL https://services.m2.maas360.com
• Apparently the certificate is in DER format, but the file has a .cer extension, so I renamed it to .der.
• I copied the certificate file to the directory /opt/qradar/conf/trusted_certificates
• I didn't take any further steps.

Did I forget something?

------------------------------
Martin Hansgut


Original Message:
Sent: Tue March 17, 2020 01:30 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------

I made the transfer to the service account and the communication was functional. I have a problem since the certificate for communication with QRadar expired and it is necessary to upload a new one. I downloaded the certificate from the provided URL, copied it to the directory on QRadar, but the error still occurs.

------------------------------
Martin Hansgut
------------------------------

Original Message:
Sent: Mon August 15, 2022 12:52 AM
From: Enrique Ruiz
Subject: Account for connecting MaaS360 as a logsource to QRadar.

After the account has been created, you need to contact Maas360 support and request that they convert it to a service account. That way the password doesn't expire.

------------------------------
Enrique Ruiz
Mobile Platform Engineer
The Church of Jesus Christ of Latter Day Saints
8012407034

Original Message:
Sent: Fri August 12, 2022 07:22 AM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

Once again, I got to the state where LogSource MaaS360 gives me the error "Error - Unable to login to IBM Fiberlink REST API!"

Uploading a new certificate helped last time, but this time I'm not doing well or I'm making a mistake somewhere.

I proceeded as follows:

• I downloaded the certificate from the URL https://services.m2.maas360.com
• Apparently the certificate is in DER format, but the file has a .cer extension, so I renamed it to .der.
• I copied the certificate file to the directory /opt/qradar/conf/trusted_certificates
• I didn't take any further steps.

Did I forget something?

------------------------------
Martin Hansgut


Original Message:
Sent: Tue March 17, 2020 01:30 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------

Hi Martin
Support will be able to create a key for your WebServices usage specifically for the Q-Radar integration. 
Please contact them to request this. 
Best

------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
------------------------------

Original Message:
Sent: Fri August 12, 2022 07:22 AM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

Once again, I got to the state where LogSource MaaS360 gives me the error "Error - Unable to login to IBM Fiberlink REST API!"

Uploading a new certificate helped last time, but this time I'm not doing well or I'm making a mistake somewhere.

I proceeded as follows:

• I downloaded the certificate from the URL https://services.m2.maas360.com
• Apparently the certificate is in DER format, but the file has a .cer extension, so I renamed it to .der.
• I copied the certificate file to the directory /opt/qradar/conf/trusted_certificates
• I didn't take any further steps.

Did I forget something?

------------------------------
Martin Hansgut


Original Message:
Sent: Tue March 17, 2020 01:30 PM
From: Martin Hansgut
Subject: Account for connecting MaaS360 as a logsource to QRadar.

In MaaS360 I would need to create an account that does not expire the password so I can use it to connect the MaaS360 as a logsource to QRadar.

If I create an account with the settings below, it will likely expire the password after some time.
An error is displayed in the QRadar MaaS360 settings logsource "Error - Unable to login to IBM Fiberlink REST API!"

The account used has the following roles:
Administrator
Administrator - Level 2
Portal Administrator
Read-Only
Service Administrator

How to properly create a MaaS360 account for this purpose?

------------------------------
Martin Hansgut
------------------------------