Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SOAR HTTP app to Cisco Secure Endpoint API

m22oswald
Engager
‎01-18-2024 06:58 AM

I'm trying to set up the HTTP app to access the CIsco Secure Endpoint API (v3).  I've generated the access token following the instructions found here.    I can send a curl request in POSTMAN, using the access token, to get organisation details.  So I know the access token is ok:

 

 

 

curl -s 'https://api.amp.cisco.com/v3/organizations?size=10' \
                --header "Authorization: Bearer eyJhbGciOiJ....."

 

 

 

When I enter the same value in the access_token field in the HTTP app and test connectivity, I always receive the following error status code:

error 401 Data from server: {"errors":["Missing token"]}

I'm not sure what to enter for the Type of Authentication Token, so maybe that's where I'm messing it up.  I think it should be Bearer, because that's the only thing in POSTMAN header other than the token itself.

Note that I haven't entered anything in any of the other authentication fields (username, password, url, Client ID, Client Secret).  And also - I get the same error if I don't enter anything in the access token field.  Basically, it's just ignored.

Labels (2)
0 Karma
Reply

Carloszavala121
Explorer
‎01-18-2024 03:44 PM

Another solution that I would do to solve the problem would be with an executed actions in this case a code within a flow make the request through python code where the same url enter the token like this example

import requests url = 'https://api.amp.cisco.com/v3/organizations?size=10' headers = { 'Authorization': 'Bearer eyJhbGciOiJ.....' # Asegúrate de reemplazar esto con tu token real } # Realizar la petición GET response = requests.get(url, headers=headers) # Verificar si la petición fue exitosa (código de estado 200) if response.status_code == 200: # Imprimir la respuesta JSON print(response.json()) else: # Imprimir el código de estado y el mensaje de error en caso de falla print(f'Error: {response.status_code} - {response.text}')

0 Karma
Reply

Carloszavala121
Explorer
‎01-18-2024 03:40 PM

Carloszavala121_0-1705621107014.png

Hello, apparently in SOAR the token section is optional, an idea would be that you do not enter anything in the token but you do enter the necessary credentials to carry out your request, in this case your username and password

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...