Create Filter on Forwarder
POST {{cb_url}}/data_forwarder/v2/orgs/{{cb_org_key}}/configs/{{cb_forwarder_id}}/filters
Create a filter for the specified configuration to include or exclude data from being forwarded.
RBAC Permissions Required
Permission (.notation name) | Operation(s) |
---|---|
event-forwarder.settings | CREATE |
Request Body
{"name"=>"Demo filter 1", "enabled"=>false, "action"=>"EXCLUDE", "query"=>"event_origin:edr AND (process_path:c\\:\\\\windows\\\\system32\\\\*) AND type:(endpoint.event.procstart OR endpoint.event.netconn)"}