Forum Discussion
Ingest IOC from Google Threat Intelligence into Sentinel
Hi all,
I'm trying to ingest IOCs from Google Threat Intelligence into Sentinel.
I'm following the guide at gtidocs.virutotal.com/docs/gti4sentinel-guide
The API key is correct.
PS: I'm using the standard free public API (created in VirusTotal).
The Managed Identity has been configured using the correct role.
When I run the Logic App, I receive an HTTP error 403:
"code": "ForbiddenError",
"message": "You are not authorized to perform the requested operation"
What's the problem?
Regards,
HA
1 Reply
- PaulineMbabu
Microsoft
Hello HA13029,
Were you able to resolve this issue?
I attempted to look at the documentation here, Google Threat Intelligence for MSFT Sentinel, and the documentation reads: "The API key used for the connection is user-specific. The IoC Stream is tied to a particular user's subscriptions in Google Threat Intelligence (such as collections, threat actors, and hunting rulesets)."
This should mean that the API key used for the connection is user-specific. The IoC Stream is tied to a particular user's subscriptions in Google Threat Intelligence (such as collections, threat actors, and hunting rulesets).
The 403 Forbidden error would be happening because the free/public VirusTotal (Google Threat Intelligence) API key does not have permission to access the endpoints used by the Sentinel ingestion playbooks. This integration requires a paid Google Threat Intelligence (VirusTotal Intelligence) subscription, not the free public API.