Environment
- Carbon Black Cloud Console: All Versions
- Endpoint Standard App for Splunk SOAR: Version 2.0.0
- Splunk SOAR version 5.3.0 and Higher
Symptoms
How to resolve 403 permissions error in Splunk Soar App when user Initiated dismiss alert action
Cause
- API permissions is not configured correctly due to migration from Alerts v6 to Alerts v7 and upgrade of the Splunk SOAR App. This change affects the polling process (now using Alerts v7) and the action dismiss alert.
Resolution
- Change requires additional permission (Background Tasks jobs.status - READ)
Additional Notes
- Additional Error message notes
- Received Error code 403
- Status 403 Error Forbidden
Related Content