Getting Data In

REST API Modular Input - 401 Client Unauthorized

joseft
Explorer

I am trying to access Carbon Black via The REST API. As expected, this works in Postman:
Console Output (keys and tokens changed):

GET
https://api-prod06.conferdeploy.net/integrationServices/v3/event/
Proxy:
host:"127.0.0.1"
port:9000
match:"http+https://*/*"
Request Headers:
x-auth-token:"CYLVZZZZZZZZZZZZZ/3IZNXXXX"
cache-control:"no-cache"
postman-token:"c092b323-fc8e-4c1d-9a6d-c6f042000000"
user-agent:"PostmanRuntime/7.2.0"
accept:"*/*"
host:"api-prod06.conferdeploy.net"
cookie:"__cfduid=ddfebf41ad8fce5ba32a3bd7b71e891e61535000000"
accept-encoding:"gzip, deflate"
Response Headers:
content-type:"application/json;charset=ISO-8859-1"
date:"Mon, 03 Sep 2018 09:21:47 GMT"
server:"Apache-Coyote/1.1"
content-length:"491061"
connection:"Close"
Response Body:
200
590 ms

It starts off OK
alt text

And then crashes out with a 401 error.

Any help would be appreciated.

Thanks in advance.

0 Karma
1 Solution

joseft
Explorer

I found it. In Carbon Black, the api key has its own whitelist. You have to have the Splunk server ip whitelisted in Carbon Black for the key to work.

View solution in original post

0 Karma

joseft
Explorer

I found it. In Carbon Black, the api key has its own whitelist. You have to have the Splunk server ip whitelisted in Carbon Black for the key to work.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

@joseft, If your problem is resolved, please accept the answer to help future readers.

---
If this reply helps you, Karma would be appreciated.
0 Karma

joseft
Explorer

I found it. In Carbon Black, the api key has its own whitelist. You have to have the Splunk server ip whitelisted in Carbon Black for the key to work.

0 Karma
Get Updates on the Splunk Community!

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...