Hi all,
I'm looking for a way to manage event filters across a number of deployments. Is there any API available to create / manage those or can it only be done in the UI?
The feature I'm referring to:
@ryanturner03 yes, you can use the API directly to manage Event Filters.
Refer to this documentation: Event filters | Elastic Security Solution [8.3] | Elastic
Nice! I knew it had to be somewhere - I didn't think of it as an endpoint API but makes sense now. Thanks Kevin!
One thing to add that I found is that the documentation mentions using a list_id of "endpoint_events", but in the version of Kibana I am using (8.3.2) the list_id that is used is "endpoint_event_filters".
If you don't use that list_id, the filters don't have any effect and wont appear in the UI
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.