Create Forwarder

POST {{cb_url}}/data_forwarder/v2/orgs/{{cb_org_key}}/configs

Use this call to create a new forwarder. The API will then make calls to check whether the Forwarder can write to the specified storage using the configuration supplied. It will attempt to write a test message called healthcheck.json to the specified bucket or container under a sub-folder called healthcheck. If the bucket is misconfigured (e.g. incorrect permissions, principal ARN, etc.) or the configuration is incorrect (e.g. bucket prefix doesn't match the path specified in the policy), the API will respond with a 400 error and a message with information about what was incorrect and how to fix the issue.

If you want to forward alert type data, endpoint.event type data and watchlist hit type data, you must create a separate forwarder for each.

The forwarder should be configured to send the data to its own subfolder in the S3 bucket using the S3 prefix property, and the subfolder you configure will be automatically added to the S3 bucket. A separate container should be used in Azure Blob Storage.

Support for the Azure Blob Storage destination was added in January 2024. See the announcement on the Developer Network Blog for more information.

{
  "name": "<string>",
  "azure_client_id": "<string>",
  "azure_container_name": "<string>",
  "azure_storage_account": "<string>",
  "azure_tenant_id": "<string>",
  "s3_bucket_name": "<string>",
  "s3_prefix": "<string>",
  "type": "<string>",
  "enabled": <boolean>,
  "version_constraint": "<string>",
  "destination": "<string>"
}
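
A pre-flight check for the rules above (one forwarder per data type, each writing to its own S3 sub-folder or Azure container), added here as an example; it is not part of the original documentation or the product's tooling. The type string "watchlist.hit", the destination string "aws_s3", the per-destination required fields and the names preflight, location, build_request and SAMPLE are assumptions; authentication headers are left out.

```python
import json

# "alert", "endpoint.event" and "azure_blob_storage" appear on this page;
# "watchlist.hit" and "aws_s3" are assumed spellings, as is the set of
# fields treated as required for each destination.
TYPES = {"alert", "endpoint.event", "watchlist.hit"}
REQUIRED = {
    "aws_s3": ("s3_bucket_name", "s3_prefix"),
    "azure_blob_storage": ("azure_storage_account", "azure_container_name",
                           "azure_tenant_id", "azure_client_id"),
}

def location(cfg):
    """Where a forwarder writes: (bucket, prefix) or (account, container)."""
    if cfg.get("destination") == "aws_s3":
        return (cfg.get("s3_bucket_name"), (cfg.get("s3_prefix") or "").strip("/"))
    return (cfg.get("azure_storage_account"), cfg.get("azure_container_name"))

def preflight(configs):
    """Return a list of problems; an empty list means the set is safe to POST."""
    problems, seen = [], {}
    for cfg in configs:
        name, dest = cfg.get("name"), cfg.get("destination")
        if cfg.get("type") not in TYPES:
            problems.append(f"{name}: unknown type {cfg.get('type')!r}")
        if dest not in REQUIRED:
            problems.append(f"{name}: unknown destination {dest!r}")
            continue
        problems += [f"{name}: {dest} requires {f}" for f in REQUIRED[dest] if not cfg.get(f)]
        loc = (dest,) + location(cfg)
        if loc in seen:  # two forwarders would mix their data in one place
            problems.append(f"{name}: shares {loc[1]}/{loc[2]} with {seen[loc]}")
        seen.setdefault(loc, name)
    return problems

def build_request(cb_url, org_key, cfg):
    """URL and JSON body for the create call; authentication is left to the caller."""
    url = f"{cb_url.rstrip('/')}/data_forwarder/v2/orgs/{org_key}/configs"
    return url, json.dumps(cfg)

# Constructed sample: two forwarders share one S3 sub-folder, one lacks Azure IDs.
SAMPLE = [
    {"name": "alerts", "type": "alert", "destination": "aws_s3",
     "s3_bucket_name": "demo-bucket", "s3_prefix": "demo-event", "enabled": False},
    {"name": "events", "type": "endpoint.event", "destination": "aws_s3",
     "s3_bucket_name": "demo-bucket", "s3_prefix": "demo-event/", "enabled": False},
    {"name": "hits", "type": "watchlist.hit", "destination": "azure_blob_storage",
     "azure_storage_account": "azuredemo", "azure_container_name": "azure-hits"},
]
```

Running preflight over the full set before any POST catches a shared prefix or container, which the API's per-forwarder healthcheck write is not described as checking.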

RBAC Permissions Required

Permission (.notation name) | Operation(s)
event-forwarder.settings | CREATE

API Documentation on the Developer Network.

Request Body

{
  "name": "Demo Create Azure Alert",
  "enabled": false,
  "type": "alert",
  "version_constraint": "2.0.0",
  "destination": "azure_blob_storage",
  "azure_storage_account": "azuredemo",
  "azure_container_name": "azure-event-dmo",
  "azure_tenant_id": "a12345bc-1abcd-1a2b-a1b2-ab12c3de45f6",
  "azure_client_id": "X98766yz-z987-z9x8-z9x8-zx98y7vw65u4",
  "s3_prefix": "demo-event",
  "s3_bucket_name": "demo-bucket"
}

HEADERS

Key | Datatype | Required | Description
Content-Type | string | |

RESPONSES

status: OK

{
  "id": "dba5f821-9db9-11ee-a7d0-268d0c3c098b",
  "org_key": "ABCD1234",
  "name": "Azure Alert Demo",
  "enabled": false,
  "type": "alert",
  "version_constraint": "2.0.0",
  "current_version": "2.0.0",
  "create_time": "2023-12-18T15:26:47Z",
  "update_time": "2023-12-18T15:26:47Z",
  "destination": "azure_blob_storage",
  "azure_storage_account": "azuredemo",
  "azure_container_name": "azure-event-demo",
  "azure_tenant_id": "a12345bc-1abcd-1a2b-a1b2-ab12c3de45f6",
  "azure_client_id": "X98766yz-z987-z9x8-z9x8-zx98y7vw65u4"
}