Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Enterprise EDR: Watchlist API queries return 403 Forbidden

Enterprise EDR: Watchlist API queries return 403 Forbidden

Environment

  • Carbon Black Cloud (formerly CB PSC): All Versions
    • Enterprise EDR (formerly CB ThreatHunter)
  • Watchlist API for Enterprise EDR: V3
  • API call using the Org Id in the request

Symptoms

  • Requests to get watchlist information via API returns 403 forbidden
  • Access Levels for org.watchlists include Create, Read, Update and Delete permissions
  • API call uses the Org ID in the request URL

Cause

The Org Id is not supported in API requests, the Org Key should be used instead

Resolution

Update the request to use the Org Key instead of Org Id

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-17-2020
Views:
534
Contributors