Mandient (FireEye) Security Validation: All versions
Cause
The older Mandient "Validations-Integrations Guide" page 61 - 65 specifies using a legacy Carbon Black API access level "API (Doc)"
Resolution
The API access level required is a custom API access level that can be created/configured as so in the CBC UI:
Create a new level in Settings; API Access Levels; notation name: org.alerts and check/enable "Read" checkbox (since the connector is "pulling" alerts only).
Create a new API key with type "Custom (new level created on step 1)"