CrowdStrike / zscaler-FalconX-integration

This is the integration to feed Falcon X IOC data into zscaler's platform

Threat Sharing config error getting indicators 403 #14

Open vskerpac-eng opened 2 years ago

vskerpac-eng commented 2 years ago

Receiving "[Falcon API] Error getting Indicators: 403 Client Error: Forbidden for url: https://api.crowdstrike.com/intel/queries/indicators/v1?limit=10000&sort=published_date%7Cdesc&filter=type:'url'%2Bmalicious_confidence:'high'". How can I understand why this error is occurring?

When I run the python3 intelbridge command in bash, authentication to CS and Zscaler are both good, but then it fails getting indicators.

Instructions from the deployment guide are to create an API client key in CS with 'READ permissions for Indicators (FalconX)', while in the CS API key creation UI this is listed as IOCs (Indicators of Compromise), which is a discrepancy I see in the doc; not sure of any significance regarding the doc. Wondering if this is permissions not set properly or if it is a URL specification issue.

Additional output:

```
10/06/2022 07:10:52 AM Starting Pull/Prepare/Push Loop # 1 With new indicators
10/06/2022 07:10:52 AM Confirming URL category CrowdStrike Malicious URLs - High exists
10/06/2022 07:10:52 AM Validated URL category CrowdStrike Malicious URLs - High
10/06/2022 07:10:52 AM [Falcon API] Getting new Indicators
10/06/2022 07:10:53 AM [Falcon API] Error getting Indicators: 403 Client Error: Forbidden for url: https://api.crowdstrike.com/intel/queries/indicators/v1?limit=10000&sort=published_date%7Cdesc&filter=type:'url'%2Bmalicious_confidence:'high'
10/06/2022 07:10:53 AM HTTP related failure:
< GET /intel/queries/indicators/v1?limit=10000&sort=published_date%7Cdesc&filter=type:'url'%2Bmalicious_confidence:'high' HTTP/1.1
< Host: api.crowdstrike.com
< User-Agent: Zscaler-FalconX-Intel-Bridge-v2
```
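The log above is enough to triage a 403 without re-running the bridge: the token was accepted (otherwise the status would be 401), so the client authenticated but is not authorised for that endpoint. The script below is an added example, not code from the zscaler-FalconX-integration project. It decodes the query the bridge sent (the `%2B` is a literal `+`, FQL AND, and `%7C` is the `|` sort separator) and maps the endpoint's path prefix to the API client scope that must carry Read. The scope names in `SCOPE_BY_PREFIX` are my reading of the Falcon console's API client page, distinct scopes for `/intel/` (Falcon Intelligence indicators) versus `/iocs/` (custom IOC management), and are an assumption to verify in the console; the 403 response body is constructed and illustrative, not captured from the reporter's run.

```python
"""Offline triage of a 403 from the Falcon Intel indicators endpoint.

Added example; not part of the zscaler-FalconX-integration bridge.
"""
import json
from urllib.parse import parse_qs, urlsplit

# Endpoint path prefix -> API client scope that needs Read for it.
# ASSUMPTION: names as shown in the Falcon console's API client page;
# confirm there before relying on this mapping.
SCOPE_BY_PREFIX = {
    "/intel/": "Indicators (Falcon Intelligence)",   # Intel API, what the bridge calls
    "/iocs/": "IOCs (Indicators of Compromise)",     # custom IOC management API
}

# The failing URL, copied from the log in the issue.
FAILING_URL = (
    "https://api.crowdstrike.com/intel/queries/indicators/v1"
    "?limit=10000&sort=published_date%7Cdesc"
    "&filter=type:'url'%2Bmalicious_confidence:'high'"
)

# CONSTRUCTED sample of the JSON error envelope Falcon returns with a 403;
# the message text and trace id are illustrative, not from the reporter's run.
SAMPLE_403_BODY = json.dumps({
    "meta": {"query_time": 0.001, "trace_id": "00000000-0000-0000-0000-000000000000"},
    "errors": [{"code": 403, "message": "access denied, authorization failed"}],
})


def decode_query(url):
    """Return path, limit, sort and filter with percent-encoding removed.

    parse_qs turns a raw '+' into a space, which is why the bridge must send
    the FQL AND operator as %2B; after decoding it is a literal '+'.
    """
    parts = urlsplit(url)
    q = parse_qs(parts.query, keep_blank_values=True)
    return {
        "path": parts.path,
        "limit": int(q.get("limit", ["0"])[0]),
        "sort": q.get("sort", [""])[0],
        "filter": q.get("filter", [""])[0],
    }


def required_scope(url):
    """Name the API client scope the endpoint needs, or None if unmapped."""
    path = urlsplit(url).path
    for prefix, scope in SCOPE_BY_PREFIX.items():
        if path.startswith(prefix):
            return scope
    return None


def triage(status, url, body=""):
    """Turn an HTTP status plus the Falcon error body into a next action."""
    messages = []
    try:
        for err in json.loads(body).get("errors", []):
            messages.append(f"{err.get('code')}: {err.get('message')}")
    except (ValueError, AttributeError):
        pass  # body empty, not JSON, or not the usual error envelope
    scope = required_scope(url)
    if 200 <= status < 300:
        verdict = "ok"
    elif status == 401:
        verdict = "token rejected: bearer token missing or expired"
    elif status == 403:
        verdict = ("authenticated but not authorised: grant Read on "
                   f"'{scope}' to this API client" if scope else
                   "authenticated but not authorised: check the client's scopes")
    elif status == 429:
        verdict = "rate limited: back off and retry"
    else:
        verdict = f"unexpected status {status}"
    return {"status": status, "scope": scope, "verdict": verdict, "errors": messages}


if __name__ == "__main__":
    print(decode_query(FAILING_URL))
    print(triage(403, FAILING_URL, SAMPLE_403_BODY))
```

Run it as-is to see the decoded filter (`type:'url'+malicious_confidence:'high'`) and the verdict for the logged request; to triage a live failure, paste the status and response body the bridge printed into `triage()`. The one check it cannot do offline is confirm the scope names, which is exactly the console comparison the reporter describes.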

jlangdev commented 1 year ago

Hi @vskerpac-eng, have you tried the latest patch? We implemented the FalconPy library, so authentication should work smoothly now.