Customizable sync export config
Please note that this modification must be made with precision, as an incorrect configuration can cause unnecessary changes in the database, leading to service disruptions. For instance, removing an active routing policy from the JSON config file may cause issues in log ingestion from the affected devices/log sources.
Guardsix exposes the Sync option to transfer configurations between SIEMs by exporting data from one instance and importing it into another. Only a limited list of configurations can be exported to the destination server. The list can be found here. Sometimes a configuration is already present on the destination SIEM, which makes the imported config redundant. In that case, the list of configurations can be customized by editing the exported sync_config_.json file.
This example explains how to remove a repo configuration so that it is not imported into the destination server.
Create a new repo can_be_deleted and export the sync config from Settings>System Settings>Sync.
Open the file in a text editor (such as VS Code) and remove the relevant entry from the JSON file.
If the file is too large to render properly in your editor, you can use the jq command to format (pretty-print) the JSON and save it for easier viewing in a text editor.
jq . sync_config_.json > sync_config_pretty.json
BEFORE:
AFTER:
Importing this modified sync config into the destination server now does not create the new repo can_be_deleted.
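The manual edit above can also be scripted so that it refuses risky changes, such as the active routing policy case mentioned in the note at the top. This is an added example, not Guardsix code: the page does not show the real layout of sync_config_.json, so the keys "repos", "routing_policies" and "name" and the helper names are assumptions.

```python
import copy

# Constructed sample. The real sync_config_.json schema is not shown on the
# page, so the keys "repos", "routing_policies" and "name" are assumptions.
SAMPLE = {
    "repos": [{"name": "default"}, {"name": "can_be_deleted"}],
    "routing_policies": [{"name": "fw_policy", "repo": "default"}],
}


def remove_named_entries(node, name, key="name", path="$"):
    """Delete list items that are objects with item[key] == name; return their paths."""
    removed = []
    if isinstance(node, list):
        kept = []
        for i, item in enumerate(node):
            if isinstance(item, dict) and item.get(key) == name:
                removed.append(f"{path}[{i}]")
            else:
                removed += remove_named_entries(item, name, key, f"{path}[{i}]")
                kept.append(item)
        node[:] = kept
    elif isinstance(node, dict):
        for k, v in node.items():
            removed += remove_named_entries(v, name, key, f"{path}.{k}")
    return removed


def find_references(node, name, path="$"):
    """Return paths of string values still equal to name (dangling references)."""
    if isinstance(node, str):
        return [path] if node == name else []
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in find_references(v, name, f"{path}[{i}]")]
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in find_references(v, name, f"{path}.{k}")]
    return []


def prune(doc, name, expected=1):
    """Return (edited copy, removed paths); raise if the edit looks unsafe."""
    work = copy.deepcopy(doc)  # the loaded export is never modified in place
    removed = remove_named_entries(work, name)
    dangling = find_references(work, name)
    if len(removed) != expected or dangling:
        raise ValueError(f"refusing edit: removed={removed} dangling={dangling}")
    return work, removed
```

Load the export with json.load, call prune(doc, "can_be_deleted"), and write the returned document with json.dump to a new file, keeping the original export as a backup.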