Create Custom Event Exclusion Profile via API

Creating an event exclusion profile with many entries through the GUI can be a lengthy process. This article shows how to create two custom event exclusion profiles via the API, using the urestapi tool (https://pypi.org/project/urestapi/).


Commands to import the event exclusion profiles are below: 

Command
urestapi -k customer_apikey.json -a /eventExcludeProfiles -m POST -D exclusion_profile_minimal.json
urestapi -k customer_apikey.json -a /eventExcludeProfiles -m POST -D exclusion_profile_robust.json


The JSON files containing the exclusion profiles are attached.

After the exclusion profiles are created, you must apply them to the desired assets for them to take effect (Assets -> Configure Assets -> choose a tag, then apply the desired exclusion profile).
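
A pre-flight wrapper for the two import commands above, as an added example that is not part of the original article or the urestapi project: it refuses to run if the API key file is accessible to group or other, or if a profile file does not parse as JSON, then issues one POST per file with the article's flags. The script name import_profiles.py, the function names and the owner-only permission policy are assumptions; file modes are checked POSIX-style.

```python
import json
import os
import stat
import subprocess
import sys

ENDPOINT = "/eventExcludeProfiles"  # endpoint used in the article's commands


def preflight(key_file, profile_files):
    """Return a list of problems found before anything is sent to the API."""
    problems = []
    try:
        mode = os.stat(key_file).st_mode
        # The key file holds the API secret: flag any group/other access bits.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{key_file}: accessible beyond owner, chmod 600 it")
    except OSError as exc:
        problems.append(f"{key_file}: {exc.strerror}")
    for path in profile_files:
        try:
            with open(path, encoding="utf-8") as fh:
                json.load(fh)
        except OSError as exc:
            problems.append(f"{path}: {exc.strerror}")
        except ValueError as exc:  # JSONDecodeError and bad UTF-8 both land here
            problems.append(f"{path}: not valid JSON ({exc})")
    return problems


def build_commands(key_file, profile_files):
    """One urestapi POST per profile, with the same flags as the article."""
    return [["urestapi", "-k", key_file, "-a", ENDPOINT, "-m", "POST", "-D", p]
            for p in profile_files]


def main(argv):
    if len(argv) < 3:
        print("usage: import_profiles.py <apikey.json> <profile.json>...", file=sys.stderr)
        return 2
    key_file, profiles = argv[1], argv[2:]
    problems = preflight(key_file, profiles)
    if problems:
        print("\n".join(problems), file=sys.stderr)
        return 1
    for cmd in build_commands(key_file, profiles):
        subprocess.run(cmd, check=True)  # stop at the first failed import
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```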

 
