Getting Data In

Permissions for CrowdStrike Intel Indicatos Technical Add-On

DaisyNguyen
Loves-to-Learn Lots

Hi all,

I'm trying to get data into CrowdStrike Intel Indicatos Technical Add-On follow this guide in US Commercial 2 cloud enviroment. I realized that I can't find Indicators (Falcon Intelligence) permission of API token like that document mentioned. After that, I found that it has IOCs (Indicators of Compromise), Actors (Falcon Intelligence), Reports (Falcon Intelligence)so I checked that. 

But, it still have error "ACCESS DENIED" like:

 

 

 ERROR pid=6180 tid=MainThread file=base_modinput.py:log_error:317 | CrowdStrike Intel Indicators TA 3.1.3  CrowdStrike_Intel_Indicators: Error contacting the CrowdStrike Device API, please provide this TraceID to CrowdStrike support = <device_id>
ERROR pid=6180 tid=MainThread file=base_modinput.py:log_error:317 | CrowdStrike Intel Indicators TA 3.1.3  CrowdStrike_Intel_Indicators: Error contacting the CrowdStrike Device API, error message = access denied, authorization failed
ERROR pid=6180 tid=MainThread file=base_modinput.py:log_error:317 | CrowdStrike Intel Indicators TA 3.1.3  CrowdStrike_Intel_Indicators: TA is shutting down

 

 

I have already used the same API token for CrowdStrike Event Streams Technical Add-On and it works normally.

Please help me to fix this!

Thank you.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...