Excluding Paths From Event Reports

The Excluded Paths allow excluding specific paths from appearing in Event Reports, providing more focused monitoring. It also allows you to specify a user to exclude their action within a directory from a report.

Attention! This feature is separate from global path exclusions described in the Excluded paths configuration.

Paths excluded from Event Reports will be monitored for threats but will not be included in the event reports.

Viewing Event Reports excluded paths

To see the current list of excluded paths (empty by default), send a GET request to /settings/reports/file-event-report/excluded-paths:

get

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Responses

200

Success

get

/settings/reports/file-event-report/excluded-paths

GET /settings/reports/file-event-report/excluded-paths HTTP/1.1
Authorization: Basic username:password
api-version: text
Accept: */*

200

Success

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]

Each entry has a unique ID, path, and user.

Adding Event Reports excluded paths

To add paths to the exclusion list, Send a POST request to /settings/reports/file-event-report/excluded-paths:

post

Authorizations

AuthorizationstringRequired

Basic Authorization header

Header parameters

api-versionstringRequired

Body

pathstring · min: 1Required

Path to exclude

userstring · nullableOptional

Username for which the path should be excluded from monitoring

Responses

201

Created

400

Bad Request

409

Conflict

post

/settings/reports/file-event-report/excluded-paths

POST /settings/reports/file-event-report/excluded-paths HTTP/1.1
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}

Make sure to include the absolute path and an associated user in the body of your request, for example:

{
  "path": "/path/to/exclude",
  "user": "root"
}

To exclude the path for all users, leave the user key empty or set it to null.

Deleting Event Reports excluded paths

To remove a path from exclusions, send a DELETE request to /settings/report/file-event-report/excluded-paths/{id}:

delete

Authorizations

AuthorizationstringRequired

Basic Authorization header

Path parameters

idstring · uuidRequired

Header parameters

api-versionstringRequired

Responses

204

No Content

400

Bad Request

delete

/settings/reports/file-event-report/excluded-paths/{id}

DELETE /settings/reports/file-event-report/excluded-paths/{id} HTTP/1.1
Authorization: Basic username:password
api-version: text
Accept: */*

No content

Tip. You can get the ID of a path using a GET request to the same endpoint.

PreviousConfiguring Event Reports NextTagging Agent

Last updated 8 months ago

hashtagViewing Event Reports excluded paths

hashtagAdding Event Reports excluded paths

hashtagDeleting Event Reports excluded paths

Viewing Event Reports excluded paths

Adding Event Reports excluded paths

Deleting Event Reports excluded paths