Managing event filters outside the UI

Hi all,
I'm looking for a way to manage event filters across a number of deployments. Is there any API available to create / manage those or can it only be done in the UI?

The feature I'm referring to:

@ryanturner03 yes, you can use the API directly to manage Event Filters.

Refer to this documentation: Event filters | Elastic Security Solution [8.3] | Elastic

Nice! I knew it had to be somewhere - I didn't think of it as an endpoint API but makes sense now. Thanks Kevin!

One thing to add that I found is that the documentation mentions using a list_id of "endpoint_events", but in the version of Kibana I am using (8.3.2) the list_id that is used is "endpoint_event_filters".

If you don't use that list_id, the filters don't have any effect and won't appear in the UI.
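Added example, not part of the original posts and not Elastic's own code: one way to prepare the same event filter for several deployments through the Kibana exception-list items endpoint, using the list_id reported above for 8.3.2. The deployment URLs, API keys, filter values, and the `policy:all` tag for global scope are assumptions; check the request body against the documentation for your version.

```python
import json
import urllib.request

# list_id reported in the thread for Kibana 8.3.2 (the docs said "endpoint_events")
EVENT_FILTER_LIST_ID = "endpoint_event_filters"

def build_event_filter(name, description, os_type, conditions):
    """Build an exception-list item; conditions is a list of (field, value)
    pairs that must all match for an event to be filtered."""
    if not conditions:
        raise ValueError("refusing to build a filter with no conditions")
    return {
        "list_id": EVENT_FILTER_LIST_ID,
        "namespace_type": "agnostic",
        "type": "simple",
        "name": name,
        "description": description,
        "os_types": [os_type],
        "tags": ["policy:all"],  # assumption: applies the filter to all policies
        "entries": [
            {"field": f, "operator": "included", "type": "match", "value": v}
            for f, v in conditions
        ],
    }

def build_requests(deployments, item):
    """Return one POST request per deployment; deployments maps URL -> API key."""
    body = json.dumps(item).encode("utf-8")
    requests = []
    for base_url, api_key in deployments.items():
        if not base_url.startswith("https://"):
            raise ValueError(f"API key would travel in cleartext: {base_url}")
        requests.append(urllib.request.Request(
            base_url.rstrip("/") + "/api/exception_lists/items",
            data=body, method="POST",
            headers={"Content-Type": "application/json", "kbn-xsrf": "true",
                     "Authorization": f"ApiKey {api_key}"}))
    return requests

# Constructed sample values, not real deployments, keys, or a recommended filter
SAMPLE_DEPLOYMENTS = {"https://kibana-a.example.internal:5601": "PLACEHOLDER_KEY_A",
                      "https://kibana-b.example.internal:5601/": "PLACEHOLDER_KEY_B"}
SAMPLE_FILTER = build_event_filter(
    "Backup agent network noise", "Constructed example", "windows",
    [("process.name", "backup-agent.exe"), ("event.category", "network")])

if __name__ == "__main__":
    for req in build_requests(SAMPLE_DEPLOYMENTS, SAMPLE_FILTER):
        print(req.get_method(), req.full_url)  # send with urllib.request.urlopen(req)
```

Because event filters stop matching events from being stored, keep each filter's conditions narrow and review the resulting entries in the UI of each deployment after creating them.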
