Issue
After configuring a data lake integration to send logs from Zscaler Cloud NSS to Red Canary via an AWS S3 bucket, no logs were being received by Red Canary. Testing the Zscaler Cloud NSS export resulted in a consistent "403 Permission Denied" error. Initial checks with Zscaler support indicated that their configuration was correct, suggesting the problem was on the AWS S3 side. Further investigation revealed that the specific S3 folder designated in the integration settings was either not visible or inaccessible to Zscaler, leading to the access denial.
Environment
- Source: Zscaler Cloud NSS (NSS Export)
- Destination: Red Canary
- Affected Configuration: Zscaler Cloud NSS export settings (specifically AWS Access ID and AWS Secret Key).
Resolution
The core problem stemmed from invisible leading or trailing whitespace within the AWS Access ID and AWS Secret Key fields in the Zscaler Cloud NSS export settings. This often occurs when credentials are copied and pasted directly from other sources, such as setup guides.
Steps to Resolve:
- Navigate to the Zscaler Cloud NSS export settings.
- Carefully edit the AWS Access ID field, ensuring all leading and trailing whitespace characters are removed.
- Carefully edit the AWS Secret Key field, also removing any leading or trailing whitespace.
- Save the updated configuration.
- Initiate a test of the Zscaler Cloud NSS export.
Following these steps, the "403 Permission Denied" error was resolved, and logs began successfully flowing from Zscaler to Red Canary via the AWS S3 data lake. This highlights the crucial importance of verifying credentials for hidden characters, even when they appear correct at first glance.
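A pre-paste check for the hidden-character problem described above, added here as an example and not part of the original article or of any Zscaler or Red Canary tooling. It reports leading, trailing or embedded invisible characters by code point without echoing the secret; the function name is hypothetical and the sample values are constructed from AWS's public documentation placeholder keys.

```python
import unicodedata


def _is_hidden(ch):
    # Whitespace (including NO-BREAK SPACE) plus control and format characters
    # such as CR, LF, TAB and ZERO WIDTH SPACE, none of which are visible in a form field.
    return ch.isspace() or unicodedata.category(ch) in ("Cc", "Cf")


def audit_credential(value):
    """Return (cleaned, findings) for a pasted credential.

    cleaned has hidden characters removed from both ends only.
    findings lists (position, code point, name); position is 'leading',
    'trailing' or 'embedded'. The credential itself is never included.
    """
    start, end = 0, len(value)
    while start < end and _is_hidden(value[start]):
        start += 1
    while end > start and _is_hidden(value[end - 1]):
        end -= 1
    findings = []
    for i, ch in enumerate(value):
        if _is_hidden(ch):
            where = "leading" if i < start else "trailing" if i >= end else "embedded"
            findings.append((where, f"U+{ord(ch):04X}", unicodedata.name(ch, "CONTROL")))
    return value[start:end], findings


if __name__ == "__main__":
    # Constructed samples: AWS documentation placeholder keys with hidden characters added.
    samples = {
        "AWS Access ID": "AKIAIOSFODNN7EXAMPLE\u00a0",
        "AWS Secret Key": " wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\r\n",
    }
    for field, pasted in samples.items():
        cleaned, findings = audit_credential(pasted)
        print(f"{field}: {len(pasted)} chars pasted, {len(cleaned)} after cleaning")
        for where, codepoint, name in findings:
            print(f"  {where}: {codepoint} {name}")
```

An 'embedded' finding means the value was corrupted in the middle and should be copied again from its source rather than trimmed.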