Failed to connect to Chronicle Alerts APIs

tonys · 10-17-2023 12:51 PM

We are try to extract alert generated in Chronicle instance with the below approaches:

Approach 1: https://cloud.google.com/chronicle/docs/reference/detection-engine-api#:~:text=%23%20Imports%20requi....

Approach 2: https://github.com/chronicle/api-samples-python/tree/master/uppercase

Result is:

1. Both results in PERMISSION DENIED 403

2. Error Detail

Backstory API has not been used in project XXXXXXXXXXX before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/backstory.googleapis.com/overview?project=XXXXXXXX then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.

Already checked :

1. Chronicle API is enabled in the same project

2. Chronicle Admin API access is assigned the the Service Account used in credentials.json

Please let know if any step is missed.
Thank you.

manthavish

Hello Tony,

The current end points providing the service are backstory APIs and are not authorized via the Chronicle API or Chronicle Admin API permissions. Rather, access to them has to be provided by your Chronicle representative as documented here

Quoting from there:

Your Chronicle representative will provide you with a Google Developer Service Account Credential to enable the API client to communicate with the API.

You also must provide the Auth Scope when initializing your API client. OAuth 2.0 uses a scope to limit an application's access to an account. When an application requests a scope, the access token issued to the application is limited to the scope granted.

Use the following scope to initialize your Google API client:

https://www.googleapis.com/auth/chronicle-backstory

Hope this helps.