After upgrading to version 2.3.0+, I can no longer poll audit logs in the Carbon Black Cloud app in QRadar.
With version 2.3.0+, Audit Logs use Custom Key instead of API Key. Therefore, you must add a new permission to the Custom Key: Audit Logs (org.audits) - READ.
