Carbon Black Cloud: Splunk app user is not authenticated or receives error codes 401 or 403
book
Article ID: 291982
calendar_today
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Logs show “Received error code 403”, “User is not authenticated”, or “Check your API credentials”
Environment
- Carbon Black Cloud: All versions
- VMware App for Splunk: 1.x
- Splunk: 8.x
Cause
The user’s API token did not have the correct permissions or the Org Key was configured incorrectly
Feedback
thumb_up
Yes
thumb_down
No