Carbon Black Cloud: When testing a new Mandiant API integration, a confirmation test yields a "403 forbidden" error.

Article ID: 288152


Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • The CBC Audit log shows "Connector (name) logged in successfully."
  • When attempting to run the Mandiant-provided test code below, the Mandiant console shows a "403 forbidden" error message:

    {
      "criteria": {
        "create_time": {
          "range": "-5m"
        }
      }
    }

 

Environment

 
  • Carbon Black Cloud Console: All versions
  • Carbon Black Cloud Sensors: All versions
  • Mandiant (FireEye) Security Validation: All versions

 

Cause

The older Mandiant "Validations-Integrations Guide" (pages 61-65) specifies using the legacy Carbon Black API access level "API (Doc)".

Resolution

The integration requires a custom API access level, which can be created and configured in the CBC UI as follows:
  1. Create a new access level under Settings > API Access Levels. For the notation name org.alerts, enable the "Read" checkbox (the connector only pulls alerts).
  2. Create a new API key with type "Custom" and select the new level created in step 1.
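
To confirm the new key outside the Mandiant console, the following added example (not from the article, Mandiant, or Carbon Black) sends the same test body and separates the 403 symptom described above from a credential problem. The function name, the CBC_* environment variable names, and the caller-supplied search URL are assumptions of this example; the X-Auth-Token header carries the key as "<API secret>/<API ID>".

```python
import json
import urllib.error
import urllib.request

# Test body quoted in the article: alerts created in the last five minutes.
TEST_BODY = {"criteria": {"create_time": {"range": "-5m"}}}


def check_alert_read(search_url, api_secret, api_id, timeout=10):
    """POST the article's test body and classify the HTTP status.

    search_url: the alert search URL the integration is configured with
    (supplied by the caller; this example assumes no particular path).
    Returns (status_code, verdict).
    """
    req = urllib.request.Request(
        search_url,
        data=json.dumps(TEST_BODY).encode("utf-8"),
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Carbon Black Cloud expects the key as "<API secret>/<API ID>".
            "X-Auth-Token": f"{api_secret}/{api_id}",
        },
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code  # 4xx/5xx arrive as exceptions in urllib

    if status == 200:
        verdict = "ok: key can read alerts"
    elif status == 403:
        # The symptom in this article: login succeeds, request is refused.
        verdict = "forbidden: access level lacks org.alerts Read"
    elif status == 401:
        verdict = "unauthorized: check the API ID and secret"
    else:
        verdict = "unexpected status"
    return status, verdict


if __name__ == "__main__":
    import os  # CBC_* variable names are hypothetical, chosen for this example
    print(check_alert_read(os.environ["CBC_SEARCH_URL"],
                           os.environ["CBC_API_SECRET"],
                           os.environ["CBC_API_ID"]))
```

A key on the custom level from step 1 should return 200; a 403 with a key that logs in successfully points back at the access level rather than the credentials.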