Okay so the following curl command is used
1- curl -x ip:port
http://api.xforce.ibmcloud.com/taxiiUsing -x to bypass through proxy ip
2- version is 7.4.3 service pack 4
3- yes auth and api keys are generated
My question is, this url when opened in the browser shows the contents "Error:Not authorized"
Is this the actual output of the url or is something wrong here?
This same url was used before and threat intel app was working fine.
http://api.xforce.ibmcloud.comThe above link sends us to the documentation, but no output is displayed on putty session
http://api.xforce.ibmcloud.com/taxiiAlso what is the actual output of the above taxii url? Because when you open it as i mentioned before it shows "error:Not authorized"
------------------------------
Usman Saeed Raja
------------------------------
Original Message:
Sent: Mon October 17, 2022 10:36 AM
From: Jonathan Pechta
Subject: Threat Api link (taxii) giving output "Error: Not Authorized"
I think there is more information required to answer this:
- Can you post an example, scrubbed curl example?
- Also, can you include information on your QRadar software version?
You can SSH to QRadar and get the version when you log in as the root user or you can use the About field in the user interface.
- Do your queries include an auth token/api key? You can generate API keys for X-Force from the Settings menu under your profile for your account. You should be able to test this here: https://api.xforce.ibmcloud.com/doc/
------------------------------
Jonathan Pechta
QRadar Support Content Lead
Support forums: ibm.biz/qradarforums
jonathan.pechta1@ibm.com
Original Message:
Sent: Mon October 17, 2022 01:52 AM
From: Usman Saeed Raja
Subject: Threat Api link (taxii) giving output "Error: Not Authorized"
The threat intelligence api link shows the following error when curled "Error:Not authorized"
Its configuration consists of a load balancer.
Any details on why this happens?
------------------------------
Usman Saeed Raja
------------------------------