Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2739
Views
6
Helpful
4
Replies

AMP: Is it possible to duplicate an Exclusion set?

Go to solution
matty-boy
Beginner
Beginner

‎02-08-2019 02:21 AM - edited ‎02-20-2020 09:07 PM

Hi all,

Do you know if it's possible to duplicate an exclusion set?

I'm troubleshooting an issue and need to duplicate the standard exclusion set to make some changes.

There are a lot of individual exclusions so I would rather not do this manually.

Anybody know if this can be done?

Thanks,

Matt.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎02-08-2019 06:24 AM

Matt,

 

There is a Feature Request in to allow this from the user side but currently the only option is to open a TAC case to have one of our Developers duplicate the list for you.  Please contact your Account Manager so they can add your request to the current Feature Request to give it more visibility.

 

Thanks,

Matt

View solution in original post

4 Replies 4

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎02-08-2019 06:24 AM

Matt,

 

There is a Feature Request in to allow this from the user side but currently the only option is to open a TAC case to have one of our Developers duplicate the list for you.  Please contact your Account Manager so they can add your request to the current Feature Request to give it more visibility.

 

Thanks,

Matt

Go to solution
matty-boy
Beginner
Beginner
In response to Matthew Franks

‎02-08-2019 06:50 AM

Thank you for the info Matthew.

0 Helpful

Go to solution
jeaorozc
Cisco Employee
Cisco Employee

‎03-05-2023 05:07 AM

For future reference:

Customer may now use Cisco Secure Endpoint APIs to accomplish the same.

You may use a GET exclusion set to download the exclusion set you'd like to duplicate.

Then, you can use POST to create a new exclusion set. 

Check out the available Exclusion related APIs here: https://developer.cisco.com/docs/secure-endpoint/#!exclusions

 

There is also a script in Cisco's public github to export Exclusions:

https://github.com/CiscoSecurity/amp-04-export-exclusions

 

Regards,

Jean Orozco Navarro

Technical Consulting Engineer, Secure Endpoint

Go to solution
Matthew Franks
Cisco Employee
Cisco Employee

‎03-10-2023 08:38 AM

While the export exclusions script can help you export each of your exclusions, you would then have to manually add them.  I've created a new script that will duplicate a list for you.
https://github.com/mafranks/duplicate_exclusions_list
The exception with this is that Threat type exclusions are currently not exported so they won't be duplicated and you will have to add those manually.  I've put in a request to have this added to the API functionality so hopefully I can get that updated in the near future.
Hope that helps!

-Matt

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents