I am getting the following error from my CrowdStrike log source:
list streams: [GET /sensors/entities/datafeed/v2][403] listAvailableStreamsOAuth2Forbidden &{Errors:[{Code:403 Message:access denied, authorization failed}] Meta:PoweredBy:crowdstrike-api-gateway QueryTime:xx-xx TraceID:xxx-xxx-xxx-xxx-xxx}}
To resolve this issue, ensure that your API token includes the Event Stream Read permission.
If you receive access token authentication errors, please check "Access token authentication error while onboarding Crowdstrike Event Streams log source in Panther" for additional context.
This error is caused by the Event Stream Read permission missing from the API token you are using to access the CrowdStrike Event Stream API. Without this permission, the API denies access to the requested resources, resulting in the 403 access denied error.
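To confirm the permission before re-enabling the log source, the same request can be reproduced outside Panther. The following is an added example, not Panther's or CrowdStrike's code: it requests an OAuth2 token and calls the endpoint named in the error, then maps the status code to a diagnosis. The base URL (it differs per CrowdStrike cloud), the `scope-check` app ID, and the function names are assumptions.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

STREAMS_PATH = "/sensors/entities/datafeed/v2"  # endpoint named in the error above


def http_call(method, url, headers, data=None):
    """Default transport: return (status, body) without raising on 4xx/5xx."""
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def check_event_stream_scope(base_url, client_id, client_secret,
                             app_id="scope-check", call=http_call):
    """Return (ok, diagnosis) for an API client's ability to list event streams.

    base_url is the API host for your CrowdStrike cloud (assumption: supplied
    by the caller). app_id is a hypothetical label chosen for this check.
    """
    # Step 1: exchange the client credentials for a bearer token.
    form = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret}).encode()
    status, body = call("POST", base_url + "/oauth2/token",
                        {"Content-Type": "application/x-www-form-urlencoded"}, form)
    if status not in (200, 201):
        # Token errors are a different problem from the 403 discussed here.
        return False, f"token request failed ({status}): check client ID, secret and base URL"
    token = json.loads(body)["access_token"]

    # Step 2: repeat the request that failed in the log source.
    url = f"{base_url}{STREAMS_PATH}?appId={urllib.parse.quote(app_id)}"
    status, body = call("GET", url,
                        {"Authorization": f"Bearer {token}", "Accept": "application/json"})
    if status == 200:
        return True, "token can list event streams"
    if status == 403:
        return False, "403 access denied: API client lacks the Event Stream Read permission"
    return False, f"unexpected status {status} from {STREAMS_PATH}"
```

A `False` result with the 403 diagnosis means the token was issued but the API client still lacks the permission; a failure at the token step points to the separate access token authentication error instead.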