collectionFeatures Object

The collectionFeatures object contains the basic details on the collection features in a sensor policy.

Note

The options in the Collection section of the policy (in this collectionFeatures object) are not available by default in your environment. Open a Technical Support case to enable these options.

Field

Type

Description

dpiEnabled

Boolean

Indicates whether the DPI collection is enabled for sensors assigned to this policy.

This option is not available by default. Open a Technical Support case to enable DPI collection in your environment.

If DPI collection is not enabled in your environment, remove this key and the dpiProxyVisibility and dpiLateralMovement keys from the request body.

dpiProxyVisibility

Boolean

Indicates whether the Proxy Visibility option for the DPI collection is enabled for sensors assigned to this policy.

dpiLateralMovement

Boolean

Indicates whether the Lateral Movement option for the DPI collection is enabled for sensors assigned to this policy.

metadataEnabled

Boolean

Indicates whether Non-executable file data collection is enabled for sensors assigned to this policy.

metadataWord

Boolean

Indicates whether Non-executable file data collection is enabled for Word documents.

metadataExcel

Boolean

Indicates whether Non-executable file data collection is enabled for Excel documents.

metadataPowerpoint

Boolean

Indicates whether Non-executable file data collection is enabled for PowerPoint documents.

metadataAcrobat

Boolean

Indicates whether Non-executable file data collection is enabled for Acrobat documents.

metadataPowershell

Boolean

Indicates whether Non-executable file data collection is enabled for PowerShell scripts.

fileEventsEnabled

Boolean

Indicates whether file events collection is enabled for sensors assigned to this policy.

This option is not available by default. Open a Technical Support case to have Technical Support enable file collection in your environment.

If file events collection is not enabled in your environment, remove this key and the fileEventsCollectionMode and fileEventsExclusions keys from the request body.

fileEventsCollectionMode

Enum

The mode to use for the file events collection. Possible values include:

  • FEC_FULL: Collect file events from all files.

  • FEC_EXTENSIONS: Collect file events from specific types of files based on security baselines set by the Cybereason Security Research team.

fileEventsExclusions

Array

A list of process, file, or folder exclusions from file events collection. If you do not want to exclude any processes, files, or folders from the file events collection, leave this array empty.

processName

String

The name of a process to exclude from the file events collection.

path

String

The path of a folder to exclude from the file events collection.

modifiedBy

String

The user name for the Cybereason user creating the policy.

lastModified

Long

The time (in milliseconds) when you create the policy.

registryEventsEnabled

Boolean

Indicates whether the registry events collection is enabled for sensors assigned to this policy.

This option is not available by default. Open a Technical Support case to enable registry events collection in your environment.

If registry events collection is not enabled in your environment, remove this key, the registryEventsInclusions, and the keys inside the registryEventsInclusions objects from the

registryEventsInclusions

Array

An object containing details on registry keys added to the registry events collection.

dataHash

Long

The hash value for the registry key to add.

key

String

The full registry key to add.

values

Array

The values for the specific key to add when collecting registry events. If you enter values in this array, you must set the value of the depth key below to true.

modifiedBy

String

The name of the Cybereason user that added an inclusion.

depth

Boolean

Indicates if you need to collect specific values from a key instead of all values. If you set the value of this key to true, you must enter values in the values array.
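
The removal rules and the values/depth rule from the table above can be checked before a policy request is sent. The following is an added example, not Cybereason code: the function name, the enabled_in_env parameter and the sample values are hypothetical, and it assumes that values and depth sit inside each registryEventsInclusions entry and that the registry keys are dropped from the request body like the DPI and file events keys.

```python
# Key groups the page says to remove when the feature is not enabled.
GATED_KEYS = {
    "dpi": ("dpiEnabled", "dpiProxyVisibility", "dpiLateralMovement"),
    "fileEvents": ("fileEventsEnabled", "fileEventsCollectionMode",
                   "fileEventsExclusions"),
    # Assumption: this group is dropped from the body like the other two.
    "registryEvents": ("registryEventsEnabled", "registryEventsInclusions"),
}
FILE_EVENT_MODES = {"FEC_FULL", "FEC_EXTENSIONS"}  # values listed on the page


def prepare_collection_features(features, enabled_in_env):
    """Return (cleaned copy, list of errors) for a collectionFeatures dict.
    enabled_in_env is a hypothetical set of GATED_KEYS group names that
    Technical Support has enabled; it is not an API field.
    """
    cleaned = dict(features)
    for group, keys in GATED_KEYS.items():
        if group not in enabled_in_env:
            for key in keys:
                cleaned.pop(key, None)
    errors = []
    mode = cleaned.get("fileEventsCollectionMode")
    if mode is not None and mode not in FILE_EVENT_MODES:
        errors.append(f"fileEventsCollectionMode: {mode!r} is not a listed value")
    for i, inc in enumerate(cleaned.get("registryEventsInclusions", [])):
        # values and depth must agree: depth is true exactly when values are given.
        if bool(inc.get("values")) != bool(inc.get("depth")):
            errors.append(f"registryEventsInclusions[{i}]: values/depth mismatch")
    return cleaned, errors


# Constructed sample: key names are from the field table, values are made up.
SAMPLE = {
    "dpiEnabled": True, "dpiProxyVisibility": True, "dpiLateralMovement": False,
    "metadataEnabled": True, "metadataWord": True,
    "fileEventsEnabled": True, "fileEventsCollectionMode": "FEC_ALL",
    "fileEventsExclusions": [],
    "registryEventsEnabled": True,
    "registryEventsInclusions": [
        {"key": "HKLM\\SOFTWARE\\Example", "values": ["Path"], "depth": False},
        {"key": "HKLM\\SOFTWARE\\Example2", "values": [], "depth": False},
    ],
}

if __name__ == "__main__":
    body, problems = prepare_collection_features(SAMPLE, {"fileEvents", "registryEvents"})
    print(body, problems, sep="\n")
```

With DPI not enabled in the environment, the three DPI keys are dropped, and the sample is flagged for the unlisted collection mode and for the first registry inclusion, which supplies values while depth is false.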