Carbon Black Cloud: How to resolve 403 permissions error in Splunk Soar App when user Initiated dismiss alert action

Carbon Black Cloud: How to resolve 403 permissions error in Splunk Soar App when user Initiated dismiss alert action

search cancel

Carbon Black Cloud: How to resolve 403 permissions error in Splunk Soar App when user Initiated dismiss alert action

book

Article ID: 287463

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to resolve 403 permissions error in Splunk Soar App when user Initiated dismiss alert action

Environment

Carbon Black Cloud Console: All Versions
Endpoint Standard App for Splunk SOAR: Version 2.0.0
Splunk SOAR version 5.3.0 and Higher

Cause

API permissions is not configured correctly due to migration from Alerts v6 to Alerts v7 and upgrade of the Splunk SOAR App. This change affects the polling process (now using Alerts v7) and the action dismiss alert.

Resolution

Change requires additional permission (Background Tasks jobs.status - READ)

Additional Information

Additional Error message notes
- Received Error code 403
- Status 403 Error Forbidden

Feedback

thumb_up Yes

thumb_down No