Panther Knowledge Base

Error: 403 access denied from CrowdStrike log source

Issue

I am getting the following error from my CrowdStrike log source:

list streams: [GET /sensors/entities/datafeed/v2][403] listAvailableStreamsOAuth2Forbidden &{Errors:[{Code:403 Message:access denied, authorization failed}] Meta:PoweredBy:crowdstrike-api-gateway QueryTime:xx-xx TraceID:xxx-xxx-xxx-xxx-xxx}}

Resolution

To resolve this issue, ensure that your API token includes the EventStream Read permission.


Cause

This error occurs when the API token you are using to access the CrowdStrike Event Stream API is missing the EventStream Read permission. Without this permission, the API denies access to the requested resources, resulting in the 403 access denied error.
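To confirm the permission outside Panther, the following added example (not Panther or CrowdStrike code) requests a token and calls the same endpoint named in the error, then classifies the response. The base URL, the `appId` value `scope-check`, and the helper names are assumptions made for illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumption: US-1 cloud base URL; replace with the base URL of your CrowdStrike cloud.
BASE_URL = "https://api.crowdstrike.com"
DATAFEED_PATH = "/sensors/entities/datafeed/v2"  # endpoint named in the error above


def classify(status, body):
    """Map a datafeed response to a diagnosis (hypothetical helper)."""
    detail = ""
    try:
        errors = json.loads(body or "{}").get("errors") or []
        detail = "; ".join(str(e.get("message", "")) for e in errors)
    except (ValueError, AttributeError, TypeError):
        pass  # body was not the expected JSON error envelope
    if status == 200:
        return "ok", "client can list event streams"
    if status == 403:
        return "missing_scope", detail or "access denied"
    if status == 401:
        return "bad_credentials", detail or "token rejected"
    return "other", f"HTTP {status} {detail}".strip()


def _request(req):
    """Return (status, body), treating HTTP error statuses as normal results."""
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def check_event_stream_scope(client_id, client_secret, app_id="scope-check"):
    """Get an OAuth2 token, then call the endpoint that returned the 403."""
    form = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    token_req = urllib.request.Request(BASE_URL + "/oauth2/token", data=form)
    status, body = _request(token_req)
    if status not in (200, 201):
        return "bad_credentials", f"token request failed with HTTP {status}"
    token = json.loads(body)["access_token"]
    url = BASE_URL + DATAFEED_PATH + "?" + urllib.parse.urlencode({"appId": app_id})
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    return classify(*_request(req))
```

Call `check_event_stream_scope(client_id, client_secret)` with the same credentials configured in the log source; a `missing_scope` result reproduces the error above, and `ok` confirms the permission is in place.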