Environment

• Hosted Cloud: All Versions
• Microsoft Windows: All Supported Versions
• Microsoft Powershell: Version 3

Objective

Resolution

1. Collect the Global API Token.
2. Review the fields that are available for use.
3. Configure Powershell for TLS v1.2:
   • Run within Powershell for each session:

     [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

4. Create a new filter and replace <GlobalApiTokenHere>, <ServerHostnameHere>, and set any additional filter fields:
   1. Use Invoke-RestMethod.

      $JSON = @'
      
      [
      {
      "descendant_filtering_level": -1,
      "id":"test2",
      "global": false,
      "group_ids": [1, 2],
      "os_mask":1,
      "path_filters":["*\\unimportant.exe"]
      }
      ]
      
      '@
      
      $response = Invoke-RestMethod -Headers @{"X-Auth-Token" = "<GlobalApiTokenHere>"} -ContentType "application/json" -Method POST -Uri https://<ServerHostnameHere>/api/v1/ingress_whitelist -Body $JSON

   2. If option A does not work then use Invoke-WebRequest.

      $JSON = @'
      
      [
      {
      "descendant_filtering_level": -1,
      "id":"test2",
      "global": false,
      "group_ids": [1, 2],
      "os_mask":1,
      "path_filters":["*\\unimportant.exe"]
      }
      ]
      
      '@
      
      $response = Invoke-WebRequest -Headers @{"X-Auth-Token" = "<GlobalApiTokenHere>"} -ContentType "application/json" -Method POST -Uri https://<ServerHostnameHere>/api/v1/ingress_whitelist -Body $JSON | Select-Object -Expand Content

5. Press Enter.  If no response is received then the ingress filter has been added successfully.
6. Confirm the filter has been added - https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-Cloud-How-to-Check-Current-Ingress-F...

Additional Notes

Related Content