IOC upload 401 response

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IOC upload 401 response

L1 Bithead

Hello, 

 

I am trying to upload IOC's with this API reference: 

Insert Simple Indicators, CSV (paloaltonetworks.com)

 

I'm posting the data with the requests module in python and always get a 401 response for "Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters."

 

 

headers = {
    'x-xdr-auth-id': '300',
    'authorization': 'APIKEY',
    'content-type': 'application/json',
}

data = '{"request_data": "' + request_data + '"}'

response = requests.post('https://api-xxx.paloaltonetworks.com/public_api/v1/indicators/insert_csv/', headers=headers, data=data)

 

 

We have a Pro per Endpoint licence and I am generating an API key with full permissions for testing. I get the {API_KEY_ID} from the ID column after the key is generated. 

 

Any ideas why this is failing?

 

Thanks, 

John. 

1 ACCEPTED SOLUTION

Accepted Solutions

Eventually worked this out with more trial and error. 

 

I had to change the 'data' variable from a string to a dictionary and serialize the JSON in the request. 

 

 

 

data = {"request_data": request_data}

response = requests.post('https://api-xxx.paloaltonetworks.com/public_api/v1/indicators/insert_csv/', headers=headers, json=data)

 

 

 

I was also missing the CSV headers, I believe that is what creates these errors: 

"err_extra": "Invalid control character

 

View solution in original post

2 REPLIES 2

L1 Bithead

Not sure what I did differently but I managed to get past this but now I'm on a 400 error, here are a few examples: 

b'{"reply": {"err_code": 400, "err_msg": "Bad Request. Got an invalid JSON.", "err_extra": "Invalid control character at: line 1 column 94 (char 93)"}}'

b'{"reply": {"err_code": 400, "err_msg": "Bad Request. Got an invalid JSON.", "err_extra": "Expecting value: line 1 column 1 (char 0)"}}'

 

This is an example of the JSON I'm posting, the IOC's are from XDR's sample file in the upload interface: 

{
	"request_data": "192.168.2.1,IP,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\nC:\tmp\risky_script.py,PATH,INFO,Never,Comment string,BAD,C,Malware,Vendorstring,GOOD,C\ncrypto_v.exe,FILENAME,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\nwww.lottery4free.biz,DOMAIN_NAME,INFO,Never,Commentstring,BAD,C,Malware,Vendor string,GOOD,C\n900150983cd24fb0d6963f7d28e17f72,HASH,INFO,Never,Commentstring,BAD,C,Malware,Vendor string,GOOD,C\nba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad,HASH,INFO,Never,Comment string,BAD,C,Malware,Vendor string,GOOD,C\n"
}

 

I put this into a JSON validator which said it's good. I've played around with a few variations but haven't had any luck. Does anyone have advice on the JSON formatting expected by the API? 

 

Eventually worked this out with more trial and error. 

 

I had to change the 'data' variable from a string to a dictionary and serialize the JSON in the request. 

 

 

 

data = {"request_data": request_data}

response = requests.post('https://api-xxx.paloaltonetworks.com/public_api/v1/indicators/insert_csv/', headers=headers, json=data)

 

 

 

I was also missing the CSV headers, I believe that is what creates these errors: 

"err_extra": "Invalid control character

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!