When trying to onboard Snyk logs to Panther, one of the following errors occurs:
Source Snyk did not pass configuration check because: org-id provided is not scoped to api-token
Source Snyk did not pass configuration check because: snyk api token does not have required permissions to read group audit logs
Source your-snyk-source did not pass configuration check because: snyk api token does not have required permissions to read group audit logs
To resolve this issue:
Ensure that you create a Snyk Group-level service account and select the Group Admin role.
In Panther, ensure that you enter your Snyk Organization Id. This can be found in your Snyk settings.
To onboard a second Organization in Panther, you need to create two log sources, one for each Organization Id. In the configuration of the second source, select only SnykOrgAudit to avoid ingesting Group logs twice.
Optional:
If you only want to onboard Organization logs and exclude Group logs, you can create a service account either in the Group settings or directly from the Organization settings. However, you will need to remove the SnykGroupAudit log type from the log source during onboarding, as the Organization service account only has access to the Organization audit logs, not the Group logs.
This issue occurs when your Snyk account is misconfigured:
A Snyk account consists of one Group, and within each Group, there can be multiple Organizations. However, Group audit logs do not include Organization audit logs. Panther uses different Snyk API endpoints to retrieve Group and Organization audit logs.
The Group Viewer role does not have sufficient permissions to view the Organization audit logs.