Splunk SOAR
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SOAR HTTP app to Cisco Secure Endpoint API

m22oswald
Engager
‎01-18-2024 06:58 AM

I'm trying to set up the HTTP app to access the CIsco Secure Endpoint API (v3).  I've generated the access token following the instructions found here.    I can send a curl request in POSTMAN, using the access token, to get organisation details.  So I know the access token is ok:

 

 

 

curl -s 'https://api.amp.cisco.com/v3/organizations?size=10' \
                --header "Authorization: Bearer eyJhbGciOiJ....."

 

 

 

When I enter the same value in the access_token field in the HTTP app and test connectivity, I always receive the following error status code:

error 401 Data from server: {"errors":["Missing token"]}

I'm not sure what to enter for the Type of Authentication Token, so maybe that's where I'm messing it up.  I think it should be Bearer, because that's the only thing in POSTMAN header other than the token itself.

Note that I haven't entered anything in any of the other authentication fields (username, password, url, Client ID, Client Secret).  And also - I get the same error if I don't enter anything in the access token field.  Basically, it's just ignored.

Labels (2)
0 Karma
Reply

Carloszavala121
Explorer
‎01-18-2024 03:44 PM

Another solution that I would do to solve the problem would be with an executed actions in this case a code within a flow make the request through python code where the same url enter the token like this example

import requests url = 'https://api.amp.cisco.com/v3/organizations?size=10' headers = { 'Authorization': 'Bearer eyJhbGciOiJ.....' # Asegúrate de reemplazar esto con tu token real } # Realizar la petición GET response = requests.get(url, headers=headers) # Verificar si la petición fue exitosa (código de estado 200) if response.status_code == 200: # Imprimir la respuesta JSON print(response.json()) else: # Imprimir el código de estado y el mensaje de error en caso de falla print(f'Error: {response.status_code} - {response.text}')

0 Karma
Reply

Carloszavala121
Explorer
‎01-18-2024 03:40 PM

Carloszavala121_0-1705621107014.png

Hello, apparently in SOAR the token section is optional, an idea would be that you do not enter anything in the token but you do enter the necessary credentials to carry out your request, in this case your username and password

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top