Create a Basic Data Filter

Use this procedure to create a Basic filter for a Data Forwarder.

Prerequisites

See Data Forwarder Filters for details regarding Basic filters.

This task assumes:

You have already created your S3 Bucket.
You have already created your Data Forwarder.

Procedure

Make sure you are in the Data Forwarder you intend to add a Basic filter. If necessary:
1. Click Settings > Data Forwarders on the left navigation pane.
2. Select the Data Forwarder you want to add the filter to, select , and then select to edit the Data Forwarder.
Under Filter Data, select Basic.

In each of the available fields, specify how you want the data filtered.

Filter data by	Data must	Values
Has alert ID	N/A	N/A
Event origin	equal, not equal, match any of	EDR, NGAV
Sensor action	equal, not equal, match any of	ACTION_ALLOW, ACTION_BLOCK, ACTION_BREAK, ACTION_SUSPEND, ACTION_TERMINATE
Type	equal, not equal, match any of	endpoint.event.apicall, endpoint.event.crossproc, endpoint.event.fileless_scriptload, endpoint.event.filemod, endpoint.event.moduleload, endpoint.event.netconn, endpoint.event.netconn_proxy, endpoint.event.procstart, endpoint.event.procend, endpoint.event.regmod, endpoint.event.scriptload

To add an additional filter, select and specify the criteria.

Note: New filters are in addition to the existing filters. See example that follows:

Example: Basic Filters

The filter data fields