Cortex XDR Integration error

khanchand · ‎10-07-2024

Hello Community,

We are facing an issue in cortex XDR integration error. (Screenshot attached). API has admin rights assigned. Does anyone face same error.

RenuAndh · ‎10-09-2024

Can you try running above curl command removing -d '{}' and check. And also from connector actions try running action "Fetch Incidents" if this runs successful.

Also check this curl command works:
curl -k -X POST https://api-yourfqdn/public_api/v1/incidents/get_incidents -H "x-xdr-auth-id:{API_KEY_ID}" -H "Authorization:{API_KEY}" -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"request_data": {}}'

View solution in original post

RenuAndh · ‎10-07-2024

HI khanchand,

Can you specify Which authentication type you are selecting ?

khanchand · ‎10-07-2024

Hi Renu,

Its Standard Key. And same is selected in Cortex while creating the key.

RenuAndh · ‎10-08-2024

Can you try running this curl command to check with valid credentials:
curl -X POST https://api-{fqdn}/public_api/v1/distributions/get_versions/ -H "x-xdr-auth-id:{API_KEY_ID}" -H "Authorization:{API_KEY}" -H "Content-Type:application/json" -d '{}'

khanchand · ‎10-08-2024

attaching the output screenshot

RenuAndh · ‎10-09-2024

Can you try running above curl command removing -d '{}' and check. And also from connector actions try running action "Fetch Incidents" if this runs successful.

Also check this curl command works:
curl -k -X POST https://api-yourfqdn/public_api/v1/incidents/get_incidents -H "x-xdr-auth-id:{API_KEY_ID}" -H "Authorization:{API_KEY}" -H 'Accept: application/json' -H 'Content-Type: application/json' -d '{"request_data": {}}'

khanchand · ‎10-09-2024

Hi Renu,

Its working now by generating another API account.

Cortex XDR Integration error

Nominate a Forum Post for Knowledge Article Creation