diff --git a/configs/swarm/executor.wasm b/configs/swarm/executor.wasm
old mode 100644
new mode 100755
index b447246240b..9eabd2f3906
Binary files a/configs/swarm/executor.wasm and b/configs/swarm/executor.wasm differ
diff --git a/data_model/src/events/data/events.rs b/data_model/src/events/data/events.rs
index 3f205445e75..618007e6522 100644
--- a/data_model/src/events/data/events.rs
+++ b/data_model/src/events/data/events.rs
@@ -549,6 +549,8 @@ mod executor {
         #[cfg(not(feature = "std"))]
         use alloc::{format, string::String, vec::Vec};
 
+        use iroha_data_model_derive::EventSet;
+
         #[derive(
             Debug,
             Copy,
@@ -562,6 +564,7 @@ mod executor {
             serde::Deserialize,
             serde::Serialize,
             iroha_schema::IntoSchema,
+            EventSet,
         )]
         #[non_exhaustive]
         #[ffi_type]
@@ -570,39 +573,6 @@ mod executor {
         pub enum ExecutorEvent {
             Upgraded,
         }
-
-        /// Filter for [`ExecutorEvent`].
-        #[derive(
-            Debug,
-            Copy,
-            Clone,
-            PartialEq,
-            Eq,
-            PartialOrd,
-            Ord,
-            parity_scale_codec::Decode,
-            parity_scale_codec::Encode,
-            serde::Deserialize,
-            serde::Serialize,
-            iroha_schema::IntoSchema,
-        )]
-        #[non_exhaustive]
-        #[serde(untagged)] // Unaffected by #3330, as single unit variant
-        #[repr(transparent)]
-        pub enum ExecutorFilter {
-            Upgraded,
-        }
-    }
-
-    #[cfg(feature = "transparent_api")]
-    impl super::EventFilter for ExecutorFilter {
-        type Event = ExecutorEvent;
-
-        fn matches(&self, event: &Self::Event) -> bool {
-            match (self, event) {
-                (Self::Upgraded, Self::Event::Upgraded) => true,
-            }
-        }
     }
 }
 
@@ -657,7 +627,7 @@ pub mod prelude {
         },
         config::{ConfigurationEvent, ConfigurationEventSet},
         domain::{DomainEvent, DomainEventSet, DomainOwnerChanged},
-        executor::{ExecutorEvent, ExecutorFilter},
+        executor::{ExecutorEvent, ExecutorEventSet},
         peer::{PeerEvent, PeerEventSet},
         permission::PermissionTokenSchemaUpdateEvent,
         role::{RoleEvent, RoleEventSet, RolePermissionChanged},
diff --git a/data_model/src/events/data/filters.rs b/data_model/src/events/data/filters.rs
index 34bf7e5db39..3a53431695e 100644
--- a/data_model/src/events/data/filters.rs
+++ b/data_model/src/events/data/filters.rs
@@ -47,9 +47,13 @@ pub mod model {
         Trigger(TriggerEventFilter),
         /// Matches [`RoleEvent`]s
         Role(RoleEventFilter),
-        // We didn't have filters for these events before the refactor. Should we?
-        // Configuration(ConfigurationEventFilter),
-        // Executor(ExecutorEventFilter),
+        /// Matches [`PermissionTokenSchemaUpdateEvent`]s
+        // nothing to filter for, really
+        PermissionTokenSchemaUpdate,
+        /// Matches [`ConfigurationEvent`]s
+        Configuration(ConfigurationEventFilter),
+        /// Matches [`ExecutorEvent`]s
+        Executor(ExecutorEventFilter),
     }
 
     /// An event filter for [`PeerEvent`]s
@@ -205,6 +209,49 @@ pub mod model {
         /// Matches only event from this set
         pub(super) event_set: RoleEventSet,
     }
+
+    /// An event filter for [`ConfigurationEvent`]s
+    #[derive(
+        Debug,
+        Clone,
+        PartialEq,
+        Eq,
+        PartialOrd,
+        Ord,
+        Getters,
+        Decode,
+        Encode,
+        Deserialize,
+        Serialize,
+        IntoSchema,
+    )]
+    pub struct ConfigurationEventFilter {
+        /// If specified matches only events originating from this configuration
+        pub(super) id_matcher: Option<super::ParameterId>,
+        /// Matches only event from this set
+        pub(super) event_set: ConfigurationEventSet,
+    }
+
+    /// An event filter for [`ExecutorEvent`].
+    #[derive(
+        Debug,
+        Clone,
+        PartialEq,
+        Eq,
+        PartialOrd,
+        Ord,
+        Getters,
+        Decode,
+        Encode,
+        Deserialize,
+        Serialize,
+        IntoSchema,
+    )]
+    pub struct ExecutorEventFilter {
+        // executor is a global entity, so no id here
+        /// Matches only event from this set
+        pub(super) event_set: ExecutorEventSet,
+    }
 }
 
 impl PeerEventFilter {
@@ -550,6 +597,90 @@ impl super::EventFilter for RoleEventFilter {
     }
 }
 
+impl ConfigurationEventFilter {
+    /// Creates a new [`ConfigurationEventFilter`] accepting all [`ConfigurationEvent`]s.
+    pub const fn new() -> Self {
+        Self {
+            id_matcher: None,
+            event_set: ConfigurationEventSet::all(),
+        }
+    }
+
+    /// Modifies a [`ConfigurationEventFilter`] to accept only [`ConfigurationEvent`]s originating from ids matching `id_matcher`.
+    #[must_use]
+    pub fn only_from(mut self, id_matcher: ParameterId) -> Self {
+        self.id_matcher = Some(id_matcher);
+        self
+    }
+
+    /// Modifies a [`ConfigurationEventFilter`] to accept only [`ConfigurationEvent`]s of types matching `event_set`.
+    #[must_use]
+    pub const fn only_events(mut self, event_set: ConfigurationEventSet) -> Self {
+        self.event_set = event_set;
+        self
+    }
+}
+
+impl Default for ConfigurationEventFilter {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+#[cfg(feature = "transparent_api")]
+impl super::EventFilter for ConfigurationEventFilter {
+    type Event = super::ConfigurationEvent;
+
+    fn matches(&self, event: &Self::Event) -> bool {
+        if let Some(id_matcher) = &self.id_matcher {
+            if id_matcher != event.origin_id() {
+                return false;
+            }
+        }
+
+        if !self.event_set.matches(event) {
+            return false;
+        }
+
+        true
+    }
+}
+
+impl ExecutorEventFilter {
+    /// Creates a new [`ExecutorEventFilter`] accepting all [`ExecutorEvent`]s.
+    pub const fn new() -> Self {
+        Self {
+            event_set: ExecutorEventSet::all(),
+        }
+    }
+
+    /// Modifies a [`ExecutorEventFilter`] to accept only [`ExecutorEvent`]s of types matching `event_set`.
+    #[must_use]
+    pub const fn only_events(mut self, event_set: ExecutorEventSet) -> Self {
+        self.event_set = event_set;
+        self
+    }
+}
+
+impl Default for ExecutorEventFilter {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+#[cfg(feature = "transparent_api")]
+impl super::EventFilter for ExecutorEventFilter {
+    type Event = super::ExecutorEvent;
+
+    fn matches(&self, event: &Self::Event) -> bool {
+        if !self.event_set.matches(event) {
+            return false;
+        }
+
+        true
+    }
+}
+
 #[cfg(feature = "transparent_api")]
 impl EventFilter for DataEventFilter {
     type Event = DataEvent;
@@ -573,6 +704,9 @@ impl EventFilter for DataEventFilter {
             (DataEvent::Peer(event), Peer(filter)) => filter.matches(event),
             (DataEvent::Trigger(event), Trigger(filter)) => filter.matches(event),
             (DataEvent::Role(event), Role(filter)) => filter.matches(event),
+            (DataEvent::PermissionToken(_), PermissionTokenSchemaUpdate) => true,
+            (DataEvent::Configuration(event), Configuration(filter)) => filter.matches(event),
+            (DataEvent::Executor(event), Executor(filter)) => filter.matches(event),
 
             (
                 DataEvent::Peer(_)
@@ -600,8 +734,9 @@ impl EventFilter for DataEventFilter {
 
 pub mod prelude {
     pub use super::{
-        AccountEventFilter, AssetDefinitionEventFilter, AssetEventFilter, DataEventFilter,
-        DomainEventFilter, PeerEventFilter, RoleEventFilter, TriggerEventFilter,
+        AccountEventFilter, AssetDefinitionEventFilter, AssetEventFilter, ConfigurationEventFilter,
+        DataEventFilter, DomainEventFilter, ExecutorEventFilter, PeerEventFilter, RoleEventFilter,
+        TriggerEventFilter,
     };
 }
 
diff --git a/docs/source/references/schema.json b/docs/source/references/schema.json
index a70f0d7e38b..93c774cd19d 100644
--- a/docs/source/references/schema.json
+++ b/docs/source/references/schema.json
@@ -619,6 +619,19 @@
       }
     ]
   },
+  "ConfigurationEventFilter": {
+    "Struct": [
+      {
+        "name": "id_matcher",
+        "type": "Option<ParameterId>"
+      },
+      {
+        "name": "event_set",
+        "type": "ConfigurationEventSet"
+      }
+    ]
+  },
+  "ConfigurationEventSet": "u32",
   "Container": {
     "Enum": [
       {
@@ -717,6 +730,20 @@
         "tag": "Role",
         "discriminant": 7,
         "type": "RoleEventFilter"
+      },
+      {
+        "tag": "PermissionTokenSchemaUpdate",
+        "discriminant": 8
+      },
+      {
+        "tag": "Configuration",
+        "discriminant": 9,
+        "type": "ConfigurationEventFilter"
+      },
+      {
+        "tag": "Executor",
+        "discriminant": 10,
+        "type": "ExecutorEventFilter"
       }
     ]
   },
@@ -965,6 +992,15 @@
       }
     ]
   },
+  "ExecutorEventFilter": {
+    "Struct": [
+      {
+        "name": "event_set",
+        "type": "ExecutorEventSet"
+      }
+    ]
+  },
+  "ExecutorEventSet": "u32",
   "ExecutorMode": {
     "Enum": [
       {
@@ -2253,6 +2289,9 @@
   "Option<NonZero<u64>>": {
     "Option": "NonZero<u64>"
   },
+  "Option<ParameterId>": {
+    "Option": "ParameterId"
+  },
   "Option<PeerId>": {
     "Option": "PeerId"
   },
diff --git a/schema/gen/src/lib.rs b/schema/gen/src/lib.rs
index 49baf0f6a5f..7995f54eaf6 100644
--- a/schema/gen/src/lib.rs
+++ b/schema/gen/src/lib.rs
@@ -113,6 +113,8 @@ types!(
     BurnBox,
     ChainId,
     ConfigurationEvent,
+    ConfigurationEventFilter,
+    ConfigurationEventSet,
     ConstString,
     ConstVec<PublicKey>,
     ConstVec<u8>,
@@ -136,6 +138,8 @@ types!(
     ExecutionTime,
     Executor,
     ExecutorEvent,
+    ExecutorEventFilter,
+    ExecutorEventSet,
     Fail,
     EventFilterBox,
     FindAccountById,
@@ -234,6 +238,9 @@ types!(
     Numeric,
     NumericSpec,
     Option<u32>,
+    Option<AccountId>,
+    Option<AssetDefinitionId>,
+    Option<AssetId>,
     Option<DomainId>,
     Option<Duration>,
     Option<Hash>,
@@ -242,8 +249,11 @@ types!(
     Option<IpfsPath>,
     Option<NonZeroU32>,
     Option<NonZeroU64>,
+    Option<ParameterId>,
+    Option<PeerId>,
     Option<PipelineEntityKind>,
     Option<PipelineStatusKind>,
+    Option<RoleId>,
     Option<String>,
     Option<TimeInterval>,
     Option<TransactionRejectionReason>,