Splunk app user is not authenticated or receives error codes 401 or 403
Article ID: 291982
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Logs show “Received error code 403”, “User is not authenticated”, or “Check your API credentials”
Environment
- Carbon Black Cloud: All versions
- VMware App for Splunk: 1.x
- Splunk: 8.x
Cause
The user’s API token did not have the correct permissions or the Org Key was configured incorrectly
Resolution
Create an API token with the correct permissions
Additional Information
For more information see the documentation and our Youtube video
Feedback
Yes
No
Powered by
