Edit Filter on Forwarder
PUT {{cb_url}}/data_forwarder/v2/orgs/{{cb_org_key}}/configs/{{cb_forwarder_id}}/filters/{{cb_forwarder_filter_id}}
Adjust an existing a filter by modifying the query, renaming the filter, changing the action, or enabling/disabling the filter.
RBAC Permissions Required
| Permission (.notation name) | Operation(s) |
|---|---|
| event-forwarder.settings | UPDATE |
Request Body
{"name"=>"Demo filter 1", "enabled"=>false, "action"=>"EXCLUDE", "query"=>"event_origin:edr AND (process_path:c\\:\\\\windows\\\\system32\\\\*) AND type:(endpoint.event.procstart OR endpoint.event.netconn)"}
RESPONSES
status: OK
{"id":"1234abcd-9119-45ef-83f3-1ff36ad10d1d","name":"Second Test Filter","query":"event_origin:edr AND (process_path:c\\:\\\\windows\\\\system32\\\\*) AND type:(endpoint.event.procstart OR endpoint.event.netconn)","action":"EXCLUDE","create_time":"2023-07-21T18:27:51Z","update_time":"2023-07-21T18:32:58Z","enabled":false}