APISync curl command gives 403 error while trying to pull out reports from Web Security Service (WSS).

Web Security Service

Splunk

The curl parameters '-u' is used for server login which is not what the portal expects.

To pull out reports from WSS, we just need the header value of X-APIUsername and X-APIPassword which is passed to WSS portal to start the downloading of logs.

The 401/403 error values are the response returned by Wss when we click he log sync URL by default.

CURL command:

curl -H "X-Requested-With:curl" -H "X-APIUsername:<api_username>" -H "X-APIPassword:<api_password>" "https://portal.threatpulse.com/reportpod/logs/sync?startDate=<time_in_miliseconds>&endDate=0&token=none"