Intake Filters
Intake filters are used as a way to override the decision to upload a file, and they apply to any scenario where a file may be uploaded. These filters are applied on the server and differ from exclusions in the following ways:
Intake filters block uploads from all sources: forwarders, API, and even manual upload from the UI. Exclusions are only honored by forwarders. Since intake filters are applied on the server, forwarders will still sight files that match intake filters. The forwarder still has to open and hash the file, which can lead to interoperability issues and some performance degradation.
Intake filters leverage CEL to build queries to set the parameter - CEL Documentation
Contains is not valid as an Intake filter
Updated 17 days ago