Enterprise EDR: Watchlist API queries return 403 Forbidden
search cancel

Enterprise EDR: Watchlist API queries return 403 Forbidden

book

Article ID: 289573

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Requests to get watchlist information via API returns 403 forbidden
  • Access Levels for org.watchlists include Create, Read, Update and Delete permissions
  • API call uses the Org ID in the request URL

Environment

  • Carbon Black Cloud (formerly CB PSC): All Versions
    • Enterprise EDR (formerly CB ThreatHunter)
  • Watchlist API for Enterprise EDR: V3
  • API call using the Org Id in the request

Cause

The Org Id is not supported in API requests, the Org Key should be used instead

Resolution

Update the request to use the Org Key instead of Org Id
Powered by Wolken Software