Hosted EDR: How to Create Ingress Filters using MacOS or Linux

Article ID: 287782

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

This article describes how to create an ingress filter for a Hosted EDR instance from a MacOS or Linux endpoint.

Environment

  • Hosted EDR: All Versions (Formerly CB Response Cloud)
  • Apple MacOS: All Supported Versions
  • Linux: All Supported Versions

Resolution

  1. Collect the Global API Token.
  2. Review the fields that are available for use.
  3. Add a new filter:
    • Run the following command, replacing <GlobalApiTokenHere> and <ServerHostnameHere> with your own values, and set any additional filter fields:
      curl -s --tlsv1.2 -XPOST -H "X-Auth-Token: <GlobalApiTokenHere>" -H "Content-Type:application/json" "https://<ServerHostnameHere>/api/v1/ingress_whitelist" -d '
      [
        {
          "descendant_filtering_level": -1,
          "id": "test2",
          "global": false,
          "group_ids": [1, 2],
          "os_mask": 1,
          "path_filters": ["*\\unimportant.exe"]
        }
      ]'
  4. If the ingress filter ID is returned in the response, the filter was applied successfully.

Additional Information

If an ingress filter ID was not returned in step 4, verify that the JSON is valid and that the filter ID being submitted is not already in use. Only the JSON format is validated, not the fields used.
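
Because only the JSON format is validated, a mistyped field name is not flagged, so it is worth checking the payload locally before sending it. The script below is an added example, not code from the product or its vendor. The function name `check_filters`, the `KNOWN_FIELDS` table (built only from the fields in this article's example payload) and the requirement that every filter has a string `id` are assumptions.

```python
import json
import sys
# Assumption: names and types come only from the example payload in this
# article; extend the table from the field reference reviewed in step 2.
KNOWN_FIELDS = {
    "id": str, "descendant_filtering_level": int, "global": bool,
    "group_ids": list, "os_mask": int, "path_filters": list,
}

def check_filters(raw):
    """Return a list of problems in an ingress filter payload (empty list = OK)."""
    try:
        filters = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(filters, list):
        return ["top level must be a JSON array of filter objects"]
    problems, seen_ids = [], set()
    for n, flt in enumerate(filters):
        if not isinstance(flt, dict):
            problems.append(f"filter {n}: not a JSON object")
            continue
        for name, value in flt.items():
            expected = KNOWN_FIELDS.get(name)
            # bool is a subclass of int in Python, so reject it for int fields.
            wrong_bool = expected is int and isinstance(value, bool)
            if expected is None:
                problems.append(f"filter {n}: unknown field {name!r}")
            elif wrong_bool or not isinstance(value, expected):
                problems.append(f"filter {n}: {name!r} should be {expected.__name__}")
        # Assumption: every filter carries a string id, as in the article's example.
        fid = flt.get("id")
        if not isinstance(fid, str) or not fid:
            problems.append(f"filter {n}: needs a non-empty string 'id'")
        elif fid in seen_ids:
            problems.append(f"filter {n}: duplicate id {fid!r}")
        else:
            seen_ids.add(fid)
    return problems

# Constructed sample: the article's payload with "path_filters" mistyped.
SAMPLE = r'''[{"descendant_filtering_level": -1, "id": "test2", "global": false,
  "group_ids": [1, 2], "os_mask": 1, "path_filter": ["*\\unimportant.exe"]}]'''

if __name__ == "__main__":
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    issues = check_filters(raw)
    print("\n".join(issues) or "payload looks consistent")
    sys.exit(1 if issues else 0)
```

Pass the path of a file containing the JSON body as the first argument; the script exits non-zero if it finds a problem. The duplicate check covers only IDs repeated within the payload, not IDs already in use on the server.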