I’m installing the Crowdstrike plugin for Surface Command and in the documentation, it says you need to give read permissions to Vulnerabilities. Is this called something else in Crowdstrike? I found the other permissions the API needed, but couldn’t; find anything called Vulnerabilities in the API permissions in Crowdstrike.
I’m getting this error when I try to run the Crowdstrike Vulnerabilities import. I’m assuming it’s because my API key doesn’t have permissions for Vulnerabilities. The other CS imports look like they work without any issues.
ran “Import Feed Wrapper” at 2:01:47 pm
[2:01:47 pm] Calling ‘log’
[2:01:47 pm] Data retrieval starting
[2:01:48 pm] Calling ‘log’
[2:01:48 pm] [‘t5fb2d2cc1dca49aa805c7f1d2e53ca8c_crowdstrike.falcon.ingest.vulnerabilities’]
[2:01:49 pm] Calling ‘batch_initialize’
[2:01:49 pm] Initialized batch id ‘86a64818-4d95-446e-9879-bd59c3808815’ for import id ‘default/crowdstrike.falcon.app/crowdstrike.falcon.ingest.vulnerabilities’
[2:01:50 pm] Calling ‘query’
[2:01:50 pm] Calling ‘query’
[2:02:01 pm] Calling ‘get_vulnerabilities’
[2:02:01 pm] Vulnerabilities filter = ‘cve.severity:[‘CRITICAL’, ‘HIGH’]+status:[‘open’, ‘reopen’]+created_timestamp:>‘2024-12-04T20:02:00.459430Z’’
[2:02:01 pm] Function get_vulnerabilities failed: [{‘code’: 403, ‘message’: ‘access denied, authorization failed’}]
[2:02:03 pm] Calling ‘get_vulnerabilities’
[2:02:03 pm] Vulnerabilities filter = ‘cve.severity:[‘CRITICAL’, ‘HIGH’]+status:[‘open’, ‘reopen’]+created_timestamp:>‘2024-12-04T20:02:02.062587Z’’
[2:02:03 pm] Function get_vulnerabilities failed: [{‘code’: 403, ‘message’: ‘access denied, authorization failed’}]
[2:02:04 pm] Calling ‘get_vulnerabilities’
[2:02:04 pm] Vulnerabilities filter = ‘cve.severity:[‘CRITICAL’, ‘HIGH’]+status:[‘open’, ‘reopen’]+created_timestamp:>‘2024-12-04T20:02:03.451381Z’’
[2:02:04 pm] Function get_vulnerabilities failed: [{‘code’: 403, ‘message’: ‘access denied, authorization failed’}]
Workflow execution ended with message “Expected to throw an error event with the code ‘ERROR’, but it was not caught. No error events are available in the scope.”.
Anyone have any ideas on this?