GuardMode 2024.3
  • Welcome to GuardMode!
  • Intro
  • Installation
    • System requirements
    • Installing GuardMode Agent on Windows
      • Updating GuardMode Agent on Windows
    • Installing GuardMode Agent on Linux
      • Using Containerized GuardMode Agent
    • Uninstalling GuardMode Agent on Windows
    • Uninstalling GuardMode Agent on Linux
    • Configuring GuardMode Agent for SAMBA setup
    • Uninstalling GuardMode Agent on SAMBA setup
  • Agent Configuration
    • General Settings
    • Excluded Paths Configuration
    • Adding malware detection rules
      • Honeypot and Decoy Files
      • Write Operations Threshold
      • Detecting File Renaming with Abnormal File Extensions
      • Special Files Monitoring
    • Security Incident Detection
    • SMB Monitoring (Linux Only)
    • Event Reports
      • Configuring Event Reports
      • Excluding Paths From Event Reports
      • Tagging Agent
    • NFS Share Monitoring
    • Altering Audit Rules
    • Blocklist Management
      • Configuring DPX for Automatic Blocklist Updates
    • Using TLS
    • Configuring YARA-X
  • Using GuardMode Agent Command Line
  • REST API Documentation
  • On-demand Scanning
  • Logging
  • FAQ
  • Technical Support
Powered by GitBook
On this page
  1. Agent Configuration
  2. Event Reports

Excluding Paths From Event Reports

PreviousConfiguring Event ReportsNextTagging Agent

Last updated 22 hours ago

The Excluded Paths allow excluding specific paths from appearing in Event Reports, providing more focused monitoring. It also allows you to specify a user to exclude their action within a directory from a report.

Attention! This feature is separate from global path exclusions described in the .

Paths excluded from Event Reports will be monitored for threats but will not be included in the event reports.

Viewing Event Reports excluded paths

To see the current list of excluded paths (empty by default), send a GET request to /settings/reports/file-event-report/excluded-paths:

Each entry has a unique ID, path, and user.

Adding Event Reports excluded paths

To add paths to the exclusion list, Send a POST request to /settings/reports/file-event-report/excluded-paths:

Make sure to include the absolute path and an associated user in the body of your request, for example:

{
  "path": "/path/to/exclude",
  "user": "root"
}

To exclude the path for all users, leave the user key empty or set it to null.

Deleting Event Reports excluded paths

To remove a path from exclusions, send a DELETE request to /settings/report/file-event-report/excluded-paths/{id}:

Tip. You can get the ID of a path using a GET request to the same endpoint.

Excluded paths configuration
get
Authorizations
Header parameters
api-versionstringRequired
Responses
200
Success
get
GET /settings/reports/file-event-report/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*
200

Success

[
  {
    "id": "123e4567-e89b-12d3-a456-426614174000",
    "path": "text",
    "user": "text"
  }
]
delete
Authorizations
Path parameters
idstring · uuidRequired
Header parameters
api-versionstringRequired
Responses
204
No Content
400
Bad Request
delete
DELETE /settings/reports/file-event-report/excluded-paths/{id} HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Accept: */*

No content
  • Viewing Event Reports excluded paths
  • GET/settings/reports/file-event-report/excluded-paths
  • Adding Event Reports excluded paths
  • POST/settings/reports/file-event-report/excluded-paths
  • Deleting Event Reports excluded paths
  • DELETE/settings/reports/file-event-report/excluded-paths/{id}
post
Authorizations
Header parameters
api-versionstringRequired
Body
pathstring · min: 1Required

Path to exclude

userstring | nullableOptional

Username for which the path should be excluded from monitoring

Responses
201
Created
400
Bad Request
409
Conflict
post
POST /settings/reports/file-event-report/excluded-paths HTTP/1.1
Host: 
Authorization: Basic username:password
api-version: text
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 29

{
  "path": "text",
  "user": "text"
}
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "path": "text",
  "user": "text"
}