Excluding Paths From Event Reports

The Excluded Paths allow to exclude specific paths from appearing in Event Reports, providing more focused monitoring. It also allows you to specify a user to exclude their action within a directory from a report.

Attention! This feature is separate from global path exclusions described in the Excluded paths configuration.

Paths excluded from Event Reports will be monitored for threats but will not be included in the event reports.

Viewing Event Reports excluded paths

To see the current list of excluded paths (empty by default), send a GET request to /settings/reports/file-event-report/excluded-paths:

GET/settings/reports/file-event-report/excluded-paths

Header parameters

Response

Success

Body

id*string (uuid)

Excluded path identifier

path*string

Path to exclude

usernullable string

Username for which the path should be excluded from monitoring

Request

const response = await fetch('/settings/reports/file-event-report/excluded-paths', {
    method: 'GET',
    headers: {
      "api-version": "text"
    },
});
const data = await response.json();

Response

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

Each entry has a unique ID, path, and user.

Adding Event Reports excluded paths

To add paths to the exclusion list, Send a POST request to /settings/reports/file-event-report/excluded-paths:

POST/settings/reports/file-event-report/excluded-paths

Header parameters

Body

path*string

Path to exclude

usernullable string

Username for which the path should be excluded from monitoring

Response

Created

Body

idstring (uuid)

prefixFilePath (object)

usernamenullable string

Request

const response = await fetch('/settings/reports/file-event-report/excluded-paths', {
    method: 'POST',
    headers: {
      "api-version": "text",
      "Content-Type": "application/json-patch+json"
    },
    body: JSON.stringify({
      "path": "text"
    }),
});
const data = await response.json();

Response

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "prefix": {
    "isQualified": false,
    "fileName": "text"
  },
  "username": "text"
}

Make sure to include the absolute path and an associated user in the body of your request, for example:

{
  "path": "/path/to/exclude",
  "user": "root"
}

To exclude the path for all users, leave the user key empty or set it to null.

Deleting Event Reports excluded paths

To remove a path from exclusions, send a DELETE request to /settings/report/file-event-report/excluded-paths/{id}:

DELETE/settings/reports/file-event-report/excluded-paths/{id}

Path parameters

id*string (uuid)

Header parameters

Response

No Content

Request

const response = await fetch('/settings/reports/file-event-report/excluded-paths/{id}', {
    method: 'DELETE',
    headers: {
      "api-version": "text"
    },
});
const data = await response.json();

Response

{
  "type": "text",
  "title": "text",
  "detail": "text",
  "instance": "text"
}

Tip. You can get the ID of a path using a GET request to the same endpoint.

PreviousConfiguring Event Reports NextTagging Agent