Carbon Black Cloud: Splunk app user is not authenticated or receives error codes 401 or 403
search cancel

Carbon Black Cloud: Splunk app user is not authenticated or receives error codes 401 or 403

book

Article ID: 291982

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Logs show “Received error code 403”, “User is not authenticated”, or “Check your API credentials”

Environment

  • Carbon Black Cloud: All versions
  • VMware App for Splunk: 1.x
  • Splunk: 8.x

Cause

The user’s API token did not have the correct permissions or the Org Key was configured incorrectly

Resolution