I have a Linux Universal Forwarder that will be receiving events via the REST interface's simple receiver.
Can I set up a minimum capability role (i.e. not admin) user on the UF so that events can be accepted and forwarded to the indexer? I'd like to create a local user on the UF, and give that user this role.
I don't think this is possible using an universal forwarder, but you can try and report back 😉
If it is not working, use a so called heavy forwarder and create the user on it.