This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Problem with Cisco WSA Proxy integration

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Problem with Cisco WSA Proxy integration

YuliyanD
L0 Member

‎07-03-2025 04:25 AM

Hello Team,

 

I have a problem with Cisco WSA Proxy integration.

I'm trying to connect XSOAR with Cisco WSA Proxy through Cisco WSA v2 integration. The user for this API has full administrator rights, authentication is successful, and I get a response for a GET request - !cisco-wsa-url-categories-list successfully.

 

When I'm trying to execute one of other GET and POST requests, every time I'm receiving error: 

Error in API call [403] - Forbidden {"error": {"message": "Invalid User.", "code": "403", "explanation": "403 = Request forbidden -- authorization will not help."}}

 

AsyncOS is enabled, all communications are open, I tried with different ports, but situation is the same.

 

Can anyone suggest an option to resolve this problem?

 

Thank you!

0 Likes Likes
2 REPLIES 2

Mudhireddy
L4 Transporter

‎07-03-2025 09:26 PM

Problem: !cisco-wsa-url-categories-list works, but other API calls fail with "403 Forbidden: Invalid User."

Why (Likely Cause):

  • Your API user, even if a "full admin," lacks specific API permissions within the Cisco WSA's user roles. Cisco WSA API access is granular.

Solution (Main Steps):

  1. Check WSA User Roles: On your WSA (System Administration > Users), verify the role assigned to your XSOAR API user.

  2. Verify Role Permissions: Edit that role (or create a new one) and explicitly enable "API Access," "Management API," or "Reporting API" permissions, plus any specific Read/Write permissions needed for the failing commands.

  3. Check WSA Logs: Look in System Administration > Log Subscriptions on the WSA for API/Access logs. They'll give more detail on why the user is deemed "invalid" for specific requests.

Best Regards,
Suresh
0 Likes Likes

YuliyanD
L0 Member
In response to Mudhireddy

‎07-08-2025 01:29 AM

Hi, Mudhireddy,

 

Thank you for detailed steps!

- I checked the role in the WSA User Roles - Everything is correct.

- I tried to find the menu for Role Permissions, but there is no option to enable or disable different permissions on the predefined roles. Also, I don't have option to create a new role with specific permission. I didn't find any information in the Cisco WSA manuals how to do that.

I use the latest WSA version- AsyncOS 14.5.

 

Is there anything else I can try or look for to deal with this problem?

 

Regards,

Yuliyan

0 Likes Likes
  • 276 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks