Qodex.ai

Validate Filter

POST {{cb_url}}/data_forwarder/v2/orgs/{{cb_org_key}}/validate_filter

Validate whether the filter is valid. If a version constraint is not provided, the lowest version is used.

{
  "action": "<string>",
  "enabled": <boolean>,
  "name": "<string>",
  "query": "<string>",
  "version_constraint": "<string>"
}

RBAC Permissions Required

Permission (.notation name)Operation(s)
event-forwarder.settingsCREATE

See Documentation

Request Body

{"name"=>"Demo filter 1", "enabled"=>false, "action"=>"EXCLUDE", "query"=>"event_origin:edr AND (process_path:c\\:\\\\windows\\\\system32\\\\*) AND type:(endpoint.event.procstart OR endpoint.event.netconn)", "version_constraint"=>"1.1.0"}

RESPONSES

status: OK

{&quot;id&quot;:&quot;&quot;,&quot;name&quot;:&quot;type netconn and has protocol&quot;,&quot;query&quot;:&quot;type:endpoint.event.netconn AND netconn_application_protocol:TLS OR netconn_application_protocol:HTT&quot;,&quot;action&quot;:&quot;INCLUDE&quot;,&quot;create_time&quot;:&quot;&quot;,&quot;update_time&quot;:&quot;&quot;,&quot;enabled&quot;:true}