Enterprise EDR: Watchlist API queries return 403 Forbidden
book
Article ID: 289573
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
- Requests to get watchlist information via API returns 403 forbidden
- Access Levels for org.watchlists include Create, Read, Update and Delete permissions
- API call uses the Org ID in the request URL
Environment
- Carbon Black Cloud (formerly CB PSC): All Versions
- Enterprise EDR (formerly CB ThreatHunter)
- Watchlist API for Enterprise EDR: V3
- API call using the Org Id in the request
Cause
The Org Id is not supported in API requests, the Org Key should be used instead
Resolution
Update the request to use the Org Key instead of Org Id
Feedback
thumb_up
Yes
thumb_down
No