Carbon Black Cloud Audit log API: Can the legacy SIEM API key be replaced with custom level Audit log (read) permission level?

Environment

  • Integration services/v3/auditlogs API: v3
  • Carbon Black Cloud Server: All versions
  • Carbon Black Cloud Sensor: All versions

Symptoms

The v3/auditlogs API returns an error when the API key uses a Custom API access level with the permission Audit log = Read:
curl -H 'X-Auth-Token:AAAAAAAAAAAAAAAAAAAAAAAA/ZZZZZZZZZZ' https://defense-prod05.conferdeploy.net/integrationServices/v3/auditlogs
{"message":"Forbidden","success":false}

 

Cause

This is a limitation, tracked as CBC-26867.

Resolution

The CBC-26867 feature (currently on the roadmap, May 2023) will allow v3/auditlogs API calls with the custom access level permission Audit log = Read.
Until then, the legacy SIEM key is required.
 

Article Information
Creation Date: 05-01-2023