Create Filter on Forwarder

POST {{cb_url}}/data_forwarder/v2/orgs/{{cb_org_key}}/configs/{{cb_forwarder_id}}/filters

Create a filter for the specified configuration to include or exclude data from being forwarded.

RBAC Permissions Required

Permission (.notation name)Operation(s)
event-forwarder.settingsCREATE

Request Body

{"name"=>"Demo filter 1", "enabled"=>false, "action"=>"EXCLUDE", "query"=>"event_origin:edr AND (process_path:c\\:\\\\windows\\\\system32\\\\*) AND type:(endpoint.event.procstart OR endpoint.event.netconn)"}