Configuring Event Reports
Last updated
Last updated
See also. Event Reports configuration uses GuardMode Agent's REST API. For a full list of available commands, see REST API documentation.
Configuring Event Reports is available through the Agent’s REST API (accessible from http://localhost:5000/swagger).
To view the current Event Reports configuration, send a GET request to /settings/reports/file-event-report:
By default, Event Reports use the following settings:
enabled: false
Time zone: UTC
Reporting time: 08:00 AM
To get the list of available time zones, send a GET request to /settings/timezones:
Listed time zones include offset, which accounts for daylight saving time.
You can enable Event Reports and set the time zone using a PUT request to /settings/reports/file-event-report:
Tip. This feature is only available on GuardMode 2024.1 or higher.
To view the current list of included paths for Event Reports, send a GET request to /settings/reports/file-event-report/included-paths:
This endpoint returns a list of paths that are currently included in the Event Reports. Each path in this list is checked against the excluded paths to determine if it should be included in the report.
To add a new path to the list of included paths, send a POST request to /settings/reports/file-event-report/included-paths:
To remove a path from the list of included paths, send a DELETE request to /settings/reports/file-event-report/included-paths/{id}:
Replace {id} with the identifier of the path you want to remove. You can obtain this identifier from the response of the GET request to view included paths.
Attention! Be specific with your paths to avoid unintentional exclusions. For example, including /var/foo and excluding /var/foo/bar will include /var/foo/baz.txt but exclude /var/foo/bar/other1/test.bin.
To add new Event Reports reporting time, send a POST request to /settings/reports/file-event-report/hours with the time in HH:MM:SS format.
You can remove reporting hours using a DELETE request to /settings/reports/file-event-report/hours with the time you want to remove in HH:MM:SS format.
Tip. Event Reports require at least one reporting hour to work. Trying to remove the only remaining reporting hour will result in an error.
/settings/reports/file-event-report
/settings/reports/file-event-report
/settings/reports/file-event-report/included-paths
/settings/reports/file-event-report/included-paths
Path to include
Username for which the path should be included in file event reports
/settings/reports/file-event-report/included-paths/{id}
No body
/settings/reports/file-event-report/hours
/settings/reports/file-event-report/hours