https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/problem-with-cisco-wsa-proxy-integration/m-p/1233134#M4096 <P>Hello Team,</P> <P>&nbsp;</P> <P>I have a problem with Cisco WSA Proxy integration. </P> <P>I'm trying to connect XSOAR with Cisco WSA Proxy&nbsp;through <SPAN>Cisco WSA v2</SPAN> integration. The user for this API has full administrator rights, authentication is successful, and I get a response for a GET request - !cisco-wsa-url-categories-list successfully.</P> <P>&nbsp;</P> <P>When I'm trying to execute one of other GET and POST requests, every time I'm receiving error:&nbsp;</P> <P><SPAN>Error in API call [403] - Forbidden {"error": {"message": "Invalid User.", "code": "403", "explanation": "403 = Request forbidden -- authorization will not help."}}</SPAN></P> <P>&nbsp;</P> <P><SPAN>AsyncOS is enabled, all communications are open, I tried with different ports, but situation is the same.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Can anyone suggest an option to resolve this problem?</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thank you!</SPAN></P> Thu, 03 Jul 2025 11:25:21 GMT YuliyanD 2025-07-03T11:25:21Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/problem-with-cisco-wsa-proxy-integration/m-p/1233134#M4096 <P>Hello Team,</P> <P>&nbsp;</P> <P>I have a problem with Cisco WSA Proxy integration. </P> <P>I'm trying to connect XSOAR with Cisco WSA Proxy&nbsp;through <SPAN>Cisco WSA v2</SPAN> integration. The user for this API has full administrator rights, authentication is successful, and I get a response for a GET request - !cisco-wsa-url-categories-list successfully.</P> <P>&nbsp;</P> <P>When I'm trying to execute one of other GET and POST requests, every time I'm receiving error:&nbsp;</P> <P><SPAN>Error in API call [403] - Forbidden {"error": {"message": "Invalid User.", "code": "403", "explanation": "403 = Request forbidden -- authorization will not help."}}</SPAN></P> <P>&nbsp;</P> <P><SPAN>AsyncOS is enabled, all communications are open, I tried with different ports, but situation is the same.</SPAN></P> <P>&nbsp;</P> <P><SPAN>Can anyone suggest an option to resolve this problem?</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thank you!</SPAN></P> Thu, 03 Jul 2025 11:25:21 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/problem-with-cisco-wsa-proxy-integration/m-p/1233134#M4096 YuliyanD 2025-07-03T11:25:21Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/problem-with-cisco-wsa-proxy-integration/m-p/1233272#M4097 <P><STRONG>Problem:</STRONG> <CODE>!cisco-wsa-url-categories-list</CODE> works, but other API calls fail with "403 Forbidden: Invalid User."</P> <P><STRONG>Why (Likely Cause):</STRONG></P> <UL> <LI> <P>Your API user, even if a "full admin," <STRONG>lacks specific API permissions</STRONG> within the Cisco WSA's user roles. Cisco WSA API access is granular.</P> </LI> </UL> <P><STRONG>Solution (Main Steps):</STRONG></P> <OL start="1"> <LI> <P><STRONG>Check WSA User Roles:</STRONG> On your WSA (<CODE>System Administration &gt; Users</CODE>), verify the role assigned to your XSOAR API user.</P> </LI> <LI> <P><STRONG>Verify Role Permissions:</STRONG> Edit that role (or create a new one) and <STRONG>explicitly enable "API Access," "Management API," or "Reporting API" permissions</STRONG>, plus any specific Read/Write permissions needed for the failing commands.</P> </LI> <LI> <P><STRONG>Check WSA Logs:</STRONG> Look in <CODE>System Administration &gt; Log Subscriptions</CODE> on the WSA for API/Access logs. They'll give more detail on <I>why</I> the user is deemed "invalid" for specific requests.</P> </LI> </OL> Fri, 04 Jul 2025 04:26:00 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/problem-with-cisco-wsa-proxy-integration/m-p/1233272#M4097 Mudhireddy 2025-07-04T04:26:00Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/problem-with-cisco-wsa-proxy-integration/m-p/1233524#M4103 <P>Hi, <SPAN class="UserName lia-user-name lia-user-rank-L4-Transporter lia-component-message-view-widget-author-username"><A id="link_14" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/189408" target="_self" aria-label="View Profile of Mudhireddy"><SPAN class="">Mudhireddy</SPAN></A></SPAN>,</P> <P>&nbsp;</P> <P>Thank you for detailed steps!</P> <P>- I checked the role in the WSA User Roles - Everything is correct.</P> <P>- I tried to find the menu for Role Permissions, but there is no option to enable or disable different permissions on the predefined roles. Also, I don't have option to create a new role with specific permission. I didn't find any information in the Cisco WSA manuals how to do that. </P> <P>I use the latest WSA version- AsyncOS 14.5.</P> <P>&nbsp;</P> <P>Is there anything else I can try or look for to deal with this problem?</P> <P>&nbsp;</P> <P>Regards,</P> <P>Yuliyan</P> Tue, 08 Jul 2025 08:29:37 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/problem-with-cisco-wsa-proxy-integration/m-p/1233524#M4103 YuliyanD 2025-07-08T08:29:37Z