Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

Carbon Black Cloud: All versions
VMware App for Splunk: 1.x
Splunk: 8.x

Symptoms

Logs show “Received error code 403”, “User is not authenticated”, or “Check your API credentials”

Cause

The user’s API token did not have the correct permissions or the Org Key was configured incorrectly

Resolution

Create an API token with the correct permissions
For a thorough demonstration of this process, view the configuration demo video

Knowledge Base

Carbon Black Cloud: Splunk app user is not authenticated or receives error codes 401 or 403

Carbon Black Cloud: Splunk app user is not authenticated or receives error codes 401 or 403

Environment

Symptoms

Cause

Resolution

Related Content

Audit and Remediation

Carbon Black Cloud

Container

Endpoint Standard

Enterprise EDR

Managed Detection

Managed Detection and Response

Prevention

Workload

Knowledge Base

Carbon Black Cloud: Splunk app user is not authenticated or receives error codes 401 or 403

Carbon Black Cloud: Splunk app user is not authenticated or receives error codes 401 or 403

Environment

Symptoms

Cause

Resolution

Related Content

Thank you for your feedback.

Thank you for your feedback.