Environment
- Hosted EDR: All Versions (Formerly CB Response Cloud)
- Apple MacOS: All Supported Versions
- Linux: All Supported Versions
Objective
To create an ingress filter for a Hosted EDR instance using a MacOS or Linux endpoint
Resolution
1. Collect the Global API Token.
2. Review the fields that are available for use.
3. Add a new filter:
   - Create a new filter, replacing <GlobalApiTokenHere> and <ServerHostnameHere> and setting any additional filter fields:
     curl -s --tlsv1.2 -XPOST -H "X-Auth-Token: <GlobalApiTokenHere>" -H "Content-Type:application/json" "https://<ServerHostnameHere>/api/v1/ingress_whitelist" -d '
     [
       {
         "descendant_filtering_level": -1,
         "id": "test2",
         "global": false,
         "group_ids": [1, 2],
         "os_mask": 1,
         "path_filters": ["*\\unimportant.exe"]
       }
     ]'
4. Receiving the ingress filter ID back means that the filter was applied successfully.
Additional Notes
If an ingress filter ID was not received in step 4, validate that the JSON is correct and that the chosen ID is not already in use. Only the JSON format is validated, not the fields used.
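Because only the JSON format is validated and not the fields used, a misspelled field name will not be reported. The following pre-flight check is an added example, not part of the original article or the product; it checks a payload locally before it is sent with curl. The field names and types are inferred from the sample request above, and `ids_in_use` is a hypothetical list of filter IDs you already know exist.

```python
import json

# Field names and types inferred from the sample request on this page only
# (assumption); extend from the product's field reference before real use.
KNOWN_FIELDS = {
    "id": str,
    "global": bool,
    "descendant_filtering_level": int,
    "group_ids": list,
    "os_mask": int,
    "path_filters": list,
}

def check_payload(raw, ids_in_use=()):
    """Return a list of problems found in an ingress filter payload."""
    try:
        filters = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(filters, list):
        return ["top level must be a JSON array of filter objects"]
    problems, seen = [], set(ids_in_use)
    for n, flt in enumerate(filters):
        if not isinstance(flt, dict):
            problems.append(f"filter {n}: not a JSON object")
            continue
        for key, value in flt.items():
            expected = KNOWN_FIELDS.get(key)
            if expected is None:
                problems.append(f"filter {n}: unknown field {key!r}")
            elif type(value) is not expected:  # strict: a bool is not an int here
                problems.append(f"filter {n}: {key!r} should be {expected.__name__}")
        fid = flt.get("id")
        if isinstance(fid, str):
            if fid in seen:
                problems.append(f"filter {n}: id {fid!r} already in use")
            seen.add(fid)
    return problems

# Constructed samples: the page's payload, and a copy with a misspelled key.
GOOD = r'''[{"descendant_filtering_level": -1, "id": "test2", "global": false,
  "group_ids": [1, 2], "os_mask": 1, "path_filters": ["*\\unimportant.exe"]}]'''
TYPO = GOOD.replace('"path_filters"', '"path_filter"')

if __name__ == "__main__":
    for name, payload in (("GOOD", GOOD), ("TYPO", TYPO)):
        print(name, check_payload(payload) or "ok")
```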