Excluding Paths From Event Reports

The Excluded Paths allow excluding specific paths from appearing in Event Reports, providing more focused monitoring. It also allows you to specify a user to exclude their action within a directory from a report.

Attention! This feature is separate from global path exclusions described in the Excluded paths configuration.

Paths excluded from Event Reports will be monitored for threats but will not be included in the event reports.

Viewing Event Reports excluded paths

To see the current list of excluded paths (empty by default), send a GET request to /settings/reports/file-event-report/excluded-paths:

Each entry has a unique ID, path, and user.

Adding Event Reports excluded paths

To add paths to the exclusion list, Send a POST request to /settings/reports/file-event-report/excluded-paths:

Make sure to include the absolute path and an associated user in the body of your request, for example:

{
  "path": "/path/to/exclude",
  "user": "root"
}

To exclude the path for all users, leave the user key empty or set it to null.

Deleting Event Reports excluded paths

To remove a path from exclusions, send a DELETE request to /settings/report/file-event-report/excluded-paths/{id}:

Tip. You can get the ID of a path using a GET request to the same endpoint.

Last updated