In Postman - If you select Authorization type "API Keys" and enter valid CloudSOC API Key & Key Secret Value you get the error "1. Authorization Required"
(See bottom of the screenshot below)
Valid CloudSOC API Endpoints, Query Options, and Sample Results:
https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/api-home.html
US Prod
In Postman Under "Authorization Tab" - Select "Basic Auth" & enter the "Key ID" for Username & "Key Secret" for Password from CloudSOC:
CloudSOC API keys can be created/downloaded by SysAdmin or authorized Admin from "CloudSOC/Settings/API Keys."
In Postman, you must also add these two keys under the "Headers" Tab:
Key Value
Content-Type application/JSON
X-Elastica-Dbname-Resolved True
Using "Basic Authentication" with API Key / API Secret and Headers configuration, as shown above, enables CloudSOC queries to function correctly in Postman
(Example below)
https://api-vip.elastica.net/examplecom/audit/v2/data/?resource=service&earliest_date=1638349200&latest_date=1640077200&resolution=31556926
Postman is just one example of a utility that a client could use to run CloudSOC Management API queries.
The customer could use similar queries in other utilities such as Linux cURL, Powershell, JSON, Splunk, QRADAR, etc.
Broadcom CloudSOC Support and Engineering do NOT support any of these utilities but rather ensure that the API End Points and API keys in CloudSOC are functioning. correctly
CloudSOC API Management Tech Doc
CloudSOC API supports Basic Access Authentication. Use the Key ID and Key Secret as your user name and password. The API keys are allocated on a per-user basis and inherit the permissions granted to that user.
Note:
The API Logins are subject to the IP address login restrictions defined in the "IP Address Profile" section [Cloudsoc Portal > Settings > IP Addresses].
If the IP Address profile is configured, then the API calls will be allowed from the defined IP addresses/ranges only. All the other IP addresses will fail to authenticate. The error message reads "Authorization Required," and the HTTP response code is (401)
If the IP Address profile is NOT configured, then this restriction does not apply, and the login is allowed from any source IP Address.
*** The user and key must be Active. Disabling or deleting the user will invalidate the key. A new key will would need to be generated.