Cb Response: Is it possible to filter data in Event Forwarder?

Environment

  • Cb Event Forwarder 3.4 and higher

Question

  • Can Cb Event Forwarder filter data?

Answer

  1. Yes, Event Forwarder can remove selected fields from the events it forwards.
  2. Add the following setting to the /etc/cb/integrations/event-forwarder/cb-event-forwarder.conf configuration file if it is not already present: remove_from_output="field to be filtered"
    1. For example, the following setting prevents command lines from being forwarded:
      remove_from_output=command_line,cmdline
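
One way to confirm the filter is taking effect is to scan a sample of forwarded output for the field names listed in remove_from_output. The script below is an added example, not part of the original article or the product. It assumes the forwarder output is one JSON object per line, and the configuration text and events in it are constructed samples.

```python
import json

def parse_remove_list(conf_text):
    """Return the field names listed in remove_from_output (empty if unset)."""
    fields = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":   # skip blanks, comments, section headers
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "remove_from_output":
            fields = [f.strip().strip('"') for f in value.split(",") if f.strip()]
    return fields

def find_leaks(obj, blocked, path=""):
    """Yield the path of every blocked key found anywhere in a decoded event."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            here = f"{path}.{k}" if path else k
            if k in blocked:
                yield here
            yield from find_leaks(v, blocked, here)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from find_leaks(v, blocked, f"{path}[{i}]")

def audit(conf_text, output_lines):
    """Return (line_number, key_path) for each filtered field still present."""
    blocked = set(parse_remove_list(conf_text))
    leaks = []
    for n, line in enumerate(output_lines, 1):
        if line.strip():
            leaks.extend((n, p) for p in find_leaks(json.loads(line), blocked))
    return leaks

# Constructed samples: the section name, event types and values are assumptions.
SAMPLE_CONF = "[bridge]\nremove_from_output=command_line,cmdline\n"
SAMPLE_OUTPUT = [
    '{"type": "ingress.event.procstart", "path": "/usr/bin/bash"}',
    '{"type": "ingress.event.procstart", "command_line": "bash -c id"}',
    '{"type": "watchlist.hit.process", "docs": [{"cmdline": "bash -c id"}]}',
]

if __name__ == "__main__":
    for n, p in audit(SAMPLE_CONF, SAMPLE_OUTPUT):
        print(f"line {n}: filtered field still present at {p}")
```

Against real data, pass the contents of cb-event-forwarder.conf and a sample of forwarded events captured after the forwarder has been restarted with the new setting; an empty result means none of the listed fields appeared in that sample.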

Creation Date:
‎01-15-2019