What is an Intake Filter?

Intake filters are used as a way to override the decision to upload a file, and they apply to any scenario where a file may be uploaded. Unlike exclusions, this will also block uploads of a matching file type whether from the forwarder, using the API, or manually in the UI.

Example 1:

Trying to block all uploads of a .pdf file to ensure that these file types are never uploaded into the platform.

object.name.contains(r".pdf")

Example 2:

Trying to block all Crowdstrike Policy files.

object.path == r"C:\Windows\System32\drivers\CrowdStrike\" && object.name.matches(r".sys$")