Create Custom Event Exclusion Profile via API

Create Custom Event Exclusion Profile via API

It may be a lengthy process to create an event exclusion profile with many entries using the GUI. This article shows how to create two custom event exclusion profiles via the API. The urestapi tool is used ( 

Commands to import the event exclusion profiles are below: 

urestapi -k customer_apikey.json -a /eventExcludeProfiles -m POST -D exclusion_profile_minimal.json
urestapi -k customer_apikey.json -a /eventExcludeProfiles -m POST -D exclusion_profile_robust.json

The json files containing the exclusion profiles are attached. 

After the exclusion profiles are created you must apply them to desired assets for them to take effect (Assets -> Configure Assets -> choose tag then apply desired exclusion profile).


    • Related Articles

    • Create Custom Threat Source using API

      The article includes the API query to create and update the threat source. To create Threat source: curl --location --request POST '' \ --header ...
    • Provisioning roles using API

      Overview Starting with Uptycs portal release 46025, Uptycs provides entity level granular user permissions through roles. This document outlines the process to create roles using API - with examples. Procedure -- Create a new role $ urestapi -k ...
    • Create AWS Integration account from CLI Usage:   python3 <uptycs_apikey_file> <account_name> <service_list_file.json> [--domainsuffix <domain>] Example: python3 john_apikey.json perf_test ...
    • API: Scheduled Queries

      Following is an example for creating Scheduled Queries scheduledquery.json { "name": "Test query scheduled 10", "type": "scheduled", "description": "demo query", "query": "SELECT pid FROM processes where upt_server_time between :from and :to LIMIT ...
    • Uptycs Alert Triggers API Call

      This python module can be run to trigger Uptycs API calls from Uptycs alerts.  Example: An alert is configured to fire when asset location is not in USA (possible GDPR issue). This python can then be run to automatically make an API call to disable ...