Environment
- Cb Response Server On Premise: 6.x and above
- RHEL: All supported versions
- CentOS: All supported versions
Objective
Implement ingress filters on Cb Response servers whose Web UI/API listens on a port other than 443 (e.g. 8443).
Resolution
Modify the host in the ingress filter request URL from 'localhost' to '127.0.0.1:8443' (use the port your Web UI/API is configured on). Change:
curl -XPOST \
  -H "X-Auth-Token: <API-Token-Here>" \
  -H "Content-Type: application/json" \
  "https://localhost/api/v1/ingress_whitelist" -k \
  -d '[ { "id":"test2", "global": false, "group_ids": [1, 2], "os_mask":1, "path_filters":["*\\unimportant.exe"] } ]'
to:
curl -XPOST \
  -H "X-Auth-Token: <API-Token-Here>" \
  -H "Content-Type: application/json" \
  "https://127.0.0.1:8443/api/v1/ingress_whitelist" -k \
  -d '[ { "id":"test2", "global": false, "group_ids": [1, 2], "os_mask":1, "path_filters":["*\\unimportant.exe"] } ]'
Additional Notes
Changing 'localhost' to '127.0.0.1:8443' in the request URL is necessary for the filter to be interpreted correctly.
Related Content
- Ingress Filter Details - Carbon Black Developer Network
- Cb Response: 6.x Ingress Filtering Fields
- Cb Enterprise Response - Managing Retention.pdf
- How To Determine Chatty Processes/Hosts in CbEvents