Skip to main content
Panther Knowledge Base

Why am I receiving a 403 forbidden error on my HMAC authenticated CrowdStrike Falcon alerts?

  1. Last updated
  2. Save as PDF

Issue

I created my HTTP Source with HMAC authentication for CrowdStrike Falcon alerts but am receiving a 403 error. 

Resolution

HMAC authentication is not currently supported for this integration. Although it is less secure, a workaround is to use Shared secret authentication for your log source, with the key/value being x-cs-signature-algorithm: HmacSHA256.  

 

Cause

HMAC authentication is not currently supported for this integration, as CrowdStrike includes a custom header that we don't support yet.

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.