I really recommend checking the selftest; at least in my case it was very helpful. I disregarded it at first, but once I checked it I realized where the issue was and managed to solve all the issues.
Original Message:
Sent: Thu July 11, 2024 02:17 AM
From: Mohamed Lebda
Subject: CrowdStrike Falcon Integration Fails (MSSP Organization)
Hi Maria,
Thanks for your reply. Yes, I did try with only the permissions that are specified in the documentation, but it didn't work, so I tried to give it full access.
Regarding the self test, I didn't check it, but I have another SOAR Platform "cloud" and this app works fine there. I think the issue might be related to the MSSP and configuration and child organization thing, but I'm not sure why.
Thanks!
------------------------------
Mohamed Lebda
Original Message:
Sent: Thu July 11, 2024 01:59 AM
From: Maria Czapkowska
Subject: CrowdStrike Falcon Integration Fails (MSSP Organization)
Not long ago I had issues with this app too, but the errors I had were different so I'm not sure if I'll be able to help.
Did the self tests in app.config pass? And just to make sure, did you try to give the API key only the permissions that are specified in the documentation?
------------------------------
Maria Czapkowska
Original Message:
Sent: Wed July 10, 2024 07:03 AM
From: Mohamed Lebda
Subject: CrowdStrike Falcon Integration Fails (MSSP Organization)
Hello All,
We are currently running IBM SOAR on-premises v50.2 with an MSSP organization. Several applications such as VirusTotal and restAPI app are already operational on our APP Host within a child organization.
I am attempting to install the CrowdStrike APP (IBM Security App Exchange - CrowdStrike Falcon Insight and Threat Intel (ibmcloud.com)) on this child organization. However, I have encountered an issue, details of which are attached (error, app.config, sample of client.log).
The issue appears to be related to the API key for the message destination of CrowdStrike. I have tried granting full permissions, regenerating the key, and updating the app.config file, but the problem persists. Also, I created an API key with full permissions within the configuration organization and assigned this key to the message destination for CrowdStrike, but this approach also did not resolve the issue.
Thank You
------------------------------
Mohamed Lebda
------------------------------