Carbon Black Cloud Audit log API: Can the legacy SIEM API key be replaced with custom level Audit log (read) permission level?

Article ID: 285906

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

v3/auditlogs returns an error when using the Custom API access level permission -> Audit log = Read:
curl -H 'X-Auth-Token:AAAAAAAAAAAAAAAAAAAAAAAA/ZZZZZZZZZZ' https://defense-prod05.conferdeploy.net/integrationServices/v3/auditlogs
{"message":"Forbidden","success":false}

 

Environment

  • Integration services/v3/auditlogs API: v3
  • Carbon Black Cloud Server: All versions
  • Carbon Black Cloud Sensor: All versions

Cause

This is a limitation, tracked as CBC-26867.

Resolution

The CBC-26867 feature (currently on the roadmap, May 2023) will allow v3/auditlogs API calls with the custom access level permission Audit log = Read.
Until then, the legacy SIEM key is required.