Create a simulated Case with API

Question

Hello,Has anyone successfully created a simulated case using the API?I'm trying to use the following documentation:https://docs.cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.legacyCases/simulateAlertHowever, I'm running into some issues. The API call reaches the CreateSimulatedCustomCase method, and the audit logs show that the service account is recognized and has the chronicle.legacyCases.simulate permission. Despite that, the request fails with the following error:Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential.I'm authenticating with a Service Account using the cloud-platform scope, and the same token works successfully with other Chronicle APIs.Has anyone encountered this before or managed to create simulated cases through the API?Thanks!

cmorris · Answer

Is the account working with any of the SOAR APIs or only the SIEM API? Have you completed phase 1 and 2 of the SOAR migration? Has it been mapped as well -https://docs.cloud.google.com/chronicle/docs/soar/admin-tasks/advanced/api-migration-guide#map_the_service_account_or_workload_identity_to_soar_parameters?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded