Cb Response: Create Regmod Ingress Filter

Article ID: 288106


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Create an ingress filter that will result in the Cb Response server not storing any registry modification (regmod) events.

Environment

  • Cb Response server (version 6.x and later)

Resolution

  1. Log in to the command line of the Cb Response server.
  2. Run the following add-ingress-filter command, after setting these parameters:
    1. Replace "XXXXXXXX" with your API token.
    2. Enter a unique alphanumeric value for "id".
    3. Replace the regmod_filter path with the exact path to the registry directory.
curl -vv --tlsv1.2 -XPOST -H "X-Auth-Token: XXXXXXXX" -H "Content-Type: application/json" "https://localhost/api/v1/ingress_whitelist" -k -d '
[
  {
    "id": "example",
    "priority": 0,
    "enabled": true,
    "filter_on_server": true,
    "track_metrics": true,
    "os_mask": 7,
    "global": true,
    "group_ids": [],
    "sensor_ids": [],
    "regmod_filters": ["rxi|\\\\registry\\\\machine\\\\software\\\\example directory\\\\example subdirectory\\\\*"],
    "filter_all_events": false,
    "path_filters": ["*"]
  }
]'


Additional Information

  • The regmod_filter path is not case sensitive because of the "rxi" prefix.
  • Note the required asterisk (*) at the end of the regmod_filters value.
  • This process must be repeated on every server in the cluster (master and all minions).
  • This filter is useful in deployments where a known process makes frequent, benign registry updates on endpoints.
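As an added example (not part of this article or of the Carbon Black product), the following Python builds the same request body from a plain registry path, doubling each backslash and appending the required trailing asterisk, and then checks which registry keys the resulting filter would cover before it is posted. It assumes that the "rxi|" prefix denotes a case-insensitive regular expression, as the note above suggests, and approximates that with Python's re module; the token and registry path are constructed placeholders.

```python
import json
import re

# Constructed placeholders (not real values): replace before use.
API_TOKEN = "XXXXXXXX"
REGISTRY_PATH = r"\registry\machine\software\example directory\example subdirectory"


def regmod_pattern(registry_path: str) -> str:
    """Build the rxi| filter string: double every backslash so each one is an
    escaped literal in the regex, then append the required trailing
    backslash and asterisk exactly as the article's example does."""
    escaped = registry_path.rstrip("\\").replace("\\", "\\\\")
    return "rxi|" + escaped + "\\\\*"


def build_ingress_filter(filter_id: str, registry_path: str, os_mask: int = 7) -> list:
    """Return the request body for POST /api/v1/ingress_whitelist with the same
    fields and values as the curl command in this article."""
    return [{
        "id": filter_id,                      # must be unique and alphanumeric
        "priority": 0,
        "enabled": True,
        "filter_on_server": True,
        "track_metrics": True,
        "os_mask": os_mask,                   # 7, as in the article
        "global": True,
        "group_ids": [],
        "sensor_ids": [],
        "regmod_filters": [regmod_pattern(registry_path)],
        "filter_all_events": False,
        "path_filters": ["*"],
    }]


def payload_json(body: list) -> str:
    """Serialise the body; json.dumps escapes each backslash again, which is why
    the article's curl command shows four backslashes per path separator."""
    return json.dumps(body, indent=2)


def pattern_matches(pattern: str, registry_key: str) -> bool:
    """Assumption: 'rxi|' means a case-insensitive regex. Use this to review
    which keys a filter covers before posting it (re.match anchors at the start)."""
    regex = pattern[len("rxi|"):]
    return re.match(regex, registry_key, re.IGNORECASE) is not None


if __name__ == "__main__":
    body = build_ingress_filter("example", REGISTRY_PATH)
    print(payload_json(body))  # this is the -d body for the curl command above
```

The printed JSON is what the curl command sends with -d; X-Auth-Token carries API_TOKEN.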