Panther Knowledge Base

Error: 403 access denied from CrowdStrike log source


I am getting the following error from my CrowdStrike log source:

list streams: [GET /sensors/entities/datafeed/v2][403] listAvailableStreamsOAuth2Forbidden &{Errors:[{Code:403 Message:access denied, authorization failed}] Meta:PoweredBy:crowdstrike-api-gateway QueryTime:xx-xx TraceID:xxx-xxx-xxx-xxx-xxx}}


To resolve this issue, ensure that your API token includes the EventStream Read permission.



This error is caused by the API token you are using to access the CrowdStrike Event Stream API missing the EventStream Read permission. Without this permission, the API denies access to the requested resources, resulting in the 403 access denied error.
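To confirm the permission change took effect before re-enabling the log source, you can replay the failing call with the same API client. The script below is an added example, not Panther's or CrowdStrike's code: it requests an OAuth2 token and calls the stream-listing endpoint from the error message, then reports whether the 403 persists. Assumptions: the `/oauth2/token` endpoint and `appId` query parameter of the CrowdStrike API, a base URL matching your Falcon cloud region, and hypothetical names for the `FALCON_*` environment variables and the `scope-check` app ID.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

STREAMS_PATH = "/sensors/entities/datafeed/v2"  # endpoint named in the error message


def _parse(raw):
    """Decode a JSON body, tolerating empty or non-JSON error pages."""
    try:
        return json.loads(raw or b"{}")
    except ValueError:
        return {}


def http_call(method, url, headers, data=None):
    """Send one HTTPS request and return (status, parsed body)."""
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, _parse(resp.read())
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, _parse(err.read())


def check_stream_access(base_url, client_id, client_secret, app_id="scope-check", http=http_call):
    """Return (ok, reason): can this API client list event streams?"""
    form = urllib.parse.urlencode({"client_id": client_id, "client_secret": client_secret})
    status, body = http("POST", base_url + "/oauth2/token",
                        {"Content-Type": "application/x-www-form-urlencoded"}, form.encode())
    if status not in (200, 201) or "access_token" not in body:
        return False, f"token request failed ({status}): check the client ID and secret"
    headers = {"Authorization": "Bearer " + body["access_token"]}
    url = f"{base_url}{STREAMS_PATH}?{urllib.parse.urlencode({'appId': app_id})}"
    status, body = http("GET", url, headers)
    if status == 200:
        return True, f"{len(body.get('resources') or [])} stream(s) visible"
    if status == 403:
        return False, "403: API client is missing the EventStream Read permission"
    return False, f"unexpected status {status}: {body.get('errors')}"


if __name__ == "__main__":
    # Hypothetical variable names; the base URL depends on your Falcon cloud region.
    ok, reason = check_stream_access(os.environ["FALCON_BASE_URL"],
                                     os.environ["FALCON_CLIENT_ID"],
                                     os.environ["FALCON_CLIENT_SECRET"])
    print("OK" if ok else "FAIL", reason)
```

A token request that succeeds followed by a 403 on the stream listing separates a permission problem from wrong credentials, which fail at the token step instead.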