https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/ioc-upload-through-api-security-level-advanced/m-p/540617#M4262 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>,</P> <P>&nbsp;</P> <P>Thank for reaching out through LIVEcommunity!</P> <P>&nbsp;</P> <P>If I understand correctly you're wanting to know the security risks for not using the advanced security level and looking for an example of hashing the API as required with powershell.</P> <P>&nbsp;</P> <P>First, one of the biggest reasons for hashing the API Key is to prevent <A href="https://csrc.nist.gov/glossary/term/replay_attack#:~:text=Definition(s)%3A,effect%20or%20gaining%20unauthorized%20access." target="_self">replay and similar attacks</A> while using the API.</P> <P>&nbsp;</P> <P>As for how to properly encrypt the API key using powershell <A href="https://www.pdq.com/blog/secure-password-with-powershell-encrypting-credentials-part-1/" target="_self">this</A> may be a good resource to get you started.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>I hope this helps.</P> Mon, 01 May 2023 16:24:34 GMT anlynch 2023-05-01T16:24:34Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/ioc-upload-through-api-security-level-advanced/m-p/540563#M4253 <P>Hello dear community,&nbsp;</P> <P>&nbsp;</P> <P>my ps script is ready to upload IOCs with least privilege.&nbsp;</P> <P>But I want to know, what kind of security risks we have if we don't use the Advanced security level?&nbsp;</P> <P>Has anybody of you a ps snippet where the api key is hased like it is required?</P> <P>&nbsp;</P> <P>additionally I found this example, but not in ps, just only python 3:</P> <P>&nbsp;</P> <P><SPAN>from datetime import datetime, timezone import secrets import string import hashlib import requests def test_advanced_authentication(api_key_id, api_key): # Generate a 64 bytes random string nonce = "".join([secrets.choice(string.ascii_letters + string.digits) for _ in range(64)]) # Get the current timestamp as milliseconds. timestamp = int(datetime.now(timezone.utc).timestamp()) * 1000 # Generate the auth key: auth_key = "%s%s%s" % (api_key, nonce, timestamp) # Convert to bytes object auth_key = auth_key.encode("utf-8") # Calculate sha256: api_key_hash = hashlib.sha256(auth_key).hexdigest() # Generate HTTP call headers headers = { "x-xdr-timestamp": str(timestamp), "x-xdr-nonce": nonce, "x-xdr-auth-id": str(api_key_id), "Authorization": api_key_hash } parameters = {} res = requests.post(url="<A href="https://api-xdr.xdr.de.paloaltonetworks.com/api_keys/validate/" target="_blank">https://api-xdr.xdr.de.paloaltonetworks.com/api_keys/validate/</A>", headers=headers, json=parameters) return res</SPAN></P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Sun, 30 Apr 2023 22:43:03 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/ioc-upload-through-api-security-level-advanced/m-p/540563#M4253 RFeyertag 2023-04-30T22:43:03Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/ioc-upload-through-api-security-level-advanced/m-p/540617#M4262 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>,</P> <P>&nbsp;</P> <P>Thank for reaching out through LIVEcommunity!</P> <P>&nbsp;</P> <P>If I understand correctly you're wanting to know the security risks for not using the advanced security level and looking for an example of hashing the API as required with powershell.</P> <P>&nbsp;</P> <P>First, one of the biggest reasons for hashing the API Key is to prevent <A href="https://csrc.nist.gov/glossary/term/replay_attack#:~:text=Definition(s)%3A,effect%20or%20gaining%20unauthorized%20access." target="_self">replay and similar attacks</A> while using the API.</P> <P>&nbsp;</P> <P>As for how to properly encrypt the API key using powershell <A href="https://www.pdq.com/blog/secure-password-with-powershell-encrypting-credentials-part-1/" target="_self">this</A> may be a good resource to get you started.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>I hope this helps.</P> Mon, 01 May 2023 16:24:34 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/ioc-upload-through-api-security-level-advanced/m-p/540617#M4262 anlynch 2023-05-01T16:24:34Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/ioc-upload-through-api-security-level-advanced/m-p/571240#M5821 <P>Thank you! I already have the answer to my question. The PS script got all the functions to communicate through advanced.&nbsp;</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Fri, 29 Dec 2023 18:33:15 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/ioc-upload-through-api-security-level-advanced/m-p/571240#M5821 RFeyertag 2023-12-29T18:33:15Z