IBM QRadar SOAR

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Insufficient permissions to create an incident

1. Insufficient permissions to create an incident

Like
Jasmine
Posted Fri April 17, 2020 06:24 AM

Reply
Hi,

We want to use mssp with qradar. When we want to send an offense to resilient, there is this error:

Template render test passed! Simulated Incident submission test failed! See client.log for details. Forbidden: {"success":false,"title":null,"message":"Insufficient permissions to create an incident.","hints":[],"error_code":"generic"}

Any advice would be appreciated.
Best
Jasmine

------------------------------
Jasmine
------------------------------
2. RE: Insufficient permissions to create an incident

Like
Carlos Ortigoza
Posted Mon April 20, 2020 03:58 AM

Reply
Hi Jasmine,

You need to check the permissions for either the user or API key that you are using to create that incident and make sure it has the "create incident" permission set:

For the users it look a bit different as the permissions are set by roles but I would recommend using API keys and not users.

Regards,
Carlos

------------------------------
Regards,
Carlos Ortigoza
------------------------------

Original Message
3. RE: Insufficient permissions to create an incident

Like
Jasmine
Posted Mon April 20, 2020 06:28 AM

Reply
Hi, we cant create api keys in mssp

------------------------------
Jasmine
------------------------------

Original Message
4. RE: Insufficient permissions to create an incident

Like
Ben Lurie
Posted Mon April 20, 2020 08:18 AM

Reply
Use the Create Incident Permission for the Role associated with the user account:

Ben

------------------------------
Ben Lurie
------------------------------

Original Message
5. RE: Insufficient permissions to create an incident

Like
Jasmine
Posted Mon April 20, 2020 08:56 AM

Reply
The user is master admin :) the error exists in qradar.

------------------------------
Jasmine
------------------------------

Original Message
6. RE: Insufficient permissions to create an incident

Like
Jasmine
Posted Mon April 20, 2020 09:10 AM

Reply
After a full deploy, problem has been solved

------------------------------
Jasmine
------------------------------

Original Message

IBM QRadar SOAR

Insufficient permissions to create an incident

JasmineFri April 17, 2020 06:24 AM

Carlos OrtigozaMon April 20, 2020 03:58 AM

JasmineMon April 20, 2020 06:28 AM

Ben LurieMon April 20, 2020 08:18 AM

JasmineMon April 20, 2020 08:56 AM

JasmineMon April 20, 2020 09:10 AM

1. Insufficient permissions to create an incident

2. RE: Insufficient permissions to create an incident

3. RE: Insufficient permissions to create an incident

4. RE: Insufficient permissions to create an incident

5. RE: Insufficient permissions to create an incident

6. RE: Insufficient permissions to create an incident

Additional
Resources

Office

Quick Links

IBM QRadar SOAR

Insufficient permissions to create an incident

JasmineFri April 17, 2020 06:24 AM

Carlos OrtigozaMon April 20, 2020 03:58 AM

JasmineMon April 20, 2020 06:28 AM

Ben LurieMon April 20, 2020 08:18 AM

JasmineMon April 20, 2020 08:56 AM

JasmineMon April 20, 2020 09:10 AM

1. Insufficient permissions to create an incident

2. RE: Insufficient permissions to create an incident

3. RE: Insufficient permissions to create an incident

4. RE: Insufficient permissions to create an incident

5. RE: Insufficient permissions to create an incident

6. RE: Insufficient permissions to create an incident

Related Content

Resilient Systems QRadar Integration

QRadar Multi-Tenancy, Domains & Tenants in QRadar

Workspaces with API Keys

Tracking Offense Metrics in QRadar

How to retrieve MITRE ATT&CK information from a curl GET REST API call in QRadar

Additional Resources

Office

Quick Links

Additional
Resources