Error with TFA and non API account #1
Comments
|
Thanks @posh-man! for the issue request! The reason for this issue has to do with the Cybereason API. I am going to leave this open in case they ever update this as a reminder for myself to check every so often. DETAILED EXPLANATION |
|
Hey just letting you know I did not realize I missed something in the MFA PowerShell code. There are two separate requests that needed to be set as well as another header value. I updated this on GitHub as well as PowerShell Gallery in Module version 1.0.3
Robert H. Osborne
President, OsbornePro LLC.
Executive Operations
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
…On Tuesday, July 6th, 2021 at 12:14, posh-man ***@***.***> wrote:
Describe the bug
It looks like the Cybereason API will not work with a TFA account, and the account used must be an API account.
To Reproduce
I added the following code to the Connect-CybereasonAPI function:
[Parameter(
Position=4,
Mandatory=$true,
ValueFromPipeline=$False, # End Parameter
HelpMessage="`n[H] Enter the code on your google authenticator")]
[String]$Authenticator,
I then added the following code to the same function
$Body = @{
username="$Username"
password="$Passwd"
totpCode="$Authenticator"
}
This produces a result of:
[*] Successfully created an authenticated session to the Cybereason API.
However any other functions produce the following error:
ConvertFrom-Json : Invalid JSON primitive: .
At line:12 char:29
$Response.Content | ConvertFrom-Json | ForEach-Object {
~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand
The only exception to this behavior is the Get-CybereasonThreatIntel function.
Expected behavior
It would be nice to be able to have TFA to access these API's and not be required to use an API account. For automation it is clear that TFA is not going to work; however, for single use case or manned scripting TFA should be available.
**Desktop **
- OS: Windows 10
Additional Considerations
The API from Cybereason seems to have the ability to take TFA, so this may be a simple fix of adding in the functionality.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
Describe the bug
It looks like the Cybereason API will not work with a TFA account, and the account used must be an API account.
To Reproduce
I added the following code to the Connect-CybereasonAPI function:
[Parameter(
Position=4,
Mandatory=$true,
ValueFromPipeline=$False, # End Parameter
HelpMessage="`n[H] Enter the code on your google authenticator")]
[String]$Authenticator,
I then added the following code to the same function
$Body = @{
username="$Username"
password="$Passwd"
totpCode="$Authenticator"
}
This produces a result of:
[*] Successfully created an authenticated session to the Cybereason API.
However any other functions produce the following error:
ConvertFrom-Json : Invalid JSON primitive: .
At line:12 char:29
$Response.Content | ConvertFrom-Json | ForEach-Object {
~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (:) [ConvertFrom-Json], ArgumentException
FullyQualifiedErrorId : System.ArgumentException,Microsoft.PowerShell.Commands.ConvertFromJsonCommand
The only exception to this behavior is the Get-CybereasonThreatIntel function.
Expected behavior
It would be nice to be able to have TFA to access these API's and not be required to use an API account. For automation it is clear that TFA is not going to work; however, for single use case or manned scripting TFA should be available.
**Desktop **
Additional Considerations
The API from Cybereason seems to have the ability to take TFA, so this may be a simple fix of adding in the functionality.
The text was updated successfully, but these errors were encountered: