Hello All,
We are trying to ingest logs into chronicle via API, during which 403 permission error appears.
Do we need to add any permissions to our JSON key?
Solved! Go to Solution.
The Ingestion API is a different endpoint to the BackStory API. I would suggest contacting support, your account team, or partner, as this requires creating a new set of credentials, or granting new permissions to your existing credentials.
error 403 usually happens when OAuth token does not have the right scopes, the client doesn't have permission, or the API has not been enabled.
The API has been enabled, Detection API is accessible but rest aren't.
Is there a way to enable them?
The Ingestion API is a different endpoint to the BackStory API. I would suggest contacting support, your account team, or partner, as this requires creating a new set of credentials, or granting new permissions to your existing credentials.
@cmmartin_google I am just curious I am also encountering this problem but I am not able to find anywhere what permissions would be required to add to the service account would you be able to point me to some documentation as it is not listed in the ingestion api and I have looked pretty thoroughly.
Thanks in advance
The Ingestion API is created/managed by Google and you need to reach out to support, so we can create and send you the API key.
https://cloud.google.com/chronicle/docs/reference/ingestion-api
@Rene_Figueroa Thank you for the quick response. I was told the creds.json provided was for the ingestion API but I tested with the Search API and was successful and a 403 error for Ingestion API. I will reach out thanks again.
Thanks! Most likely there was some miscommunication. When you open the support case add the "client_email" in the "creds.json" file and we can confirm. Thank you!
LinkedIn
Twitter
