Access token authentication error while onboarding Crowdstrike Event Streams log source in Panther
Last updated: September 3, 2024
Issue
When trying to onboard a new Crowdstrike Event Streams log source I receive authentication errors.
Resolution
Depending on the specific error message, different fixes may apply:
"Failed to generate access token for clientID": You should correct the client id value"Failed to issue access token - Client authentication failed"(e.g., unknown client, no client authentication included, or unsupported authentication method): You should correct the secret value"Failed to generate access token for customer ID": You should correct the member cid or you shouldn't type a member cid at all (for example, if you fetched your customer ID from your Falcon instance)
If you are seeing a 403 access denied error please check this knowledge base article for more context:📄 Error: 403 access denied from Crowdstrike log source