endpointProtection Object
The endpointProtection object contains the basic details on the Endpoint Controls settings in a sensor policy.
Note
The Endpoint Controls section of the policy (in this endpointProtection object is not available by default in your environment. open a Technical Support case to enable the relevant options.
Field |
Type |
Description |
---|---|---|
usbControlEnabled |
Boolean |
Indicates whether Device Control for USB drives is enabled for sensors to which this policy is assigned. |
usbClassActionList |
JSON object |
An object containing details on the device types for which you use Device Control. This object contains multiple different objects with different types of USB devices. |
classType |
Enum |
The type of USB device to which the Device Control options apply. Possible values include:
The USB_CLASS_MTP option is supported from versions 21.1.103 and later. |
action |
Enum |
The privilege access level for take for this type of USB device. Possible values include:
The USB_ACTION_READ_ONLY is supported in versions 21.1.103 and later. If you are on a Cybereason version prior to 21.1.103 and later, and you use the USB_ACTION_READ_ONLY option, the Cybereason platform will change the mode to USB_ACTION_ALLOW_ALL. |
usbExclusions |
Array |
A list of devices to which you add exceptions to the Device Control modes (for the USB_CLASS_MASS_STORAGE and USB_CLASS_MTP types). Use the fields below to add the exclusion. If you do not want to add exceptions for any devices, leave this array empty. |
classType |
Enum |
In the usbExclusions object, the type of USB device. Possible values include:
|
vendor |
String |
In the usbExclusions object, the vendor for the USB device. |
product |
String |
In the usbExclusions object, the product name for the USB device. |
serial |
Integer |
In the usbExclusions object, the serial number of the device. |
action |
Enum |
In the usbExclusions object, the privilege access level for the device. Possible values include:
|
modifiedBy |
String |
In the usbExclusions object, the Cybereason user name for the user creating the policy. |
lastModified |
Long |
In the usbExclusions object, the time (in milliseconds) when you create the policy. |
personalFirewallEnabled |
Boolean |
Indicates if Personal Firewall Control is enabled for sensors to which this policy is assigned. |
privateNetworks |
Boolean |
Indicates whether Personal Firewall Control applies to private networks on associated machines. |
publicNetworks |
Boolean |
Indicates whether Personal Firewall Control applies to public networks on associated machines. |
domains |
Boolean |
Indicates whether Personal Firewall Control applies to domains on associated machines. |
inboundRules |
Array |
A list of personal firewall rules for inbound connections. If you do not want to have custom firewall rules for inbound connections, leave this array empty. Use the fields below to define a rule. |
outboundRules |
Array |
A list of personal firewall rules for outbound connections. If you do not want to have custom firewall rules for outbound connections, leave this array empty. |
Name |
String |
In the inboundRules or outboundRules objects, the name for a custom firewall rule. |
Group |
String |
In the inboundRules or outboundRules objects, the group to which this rule belongs. You must leave this key with a value of Cybereason. |
Profile |
Enum |
In the inboundRules or outboundRules objects, the network profile to which the firewall rule applies. Possible value includes;
If you want the custom firewall rule to apply to all network types, leave this value as Any. |
Enabled |
Boolean |
In the inboundRules or outboundRules objects, indicates whether is rule is enabled. |
Action |
Enum |
In the inboundRules or outboundRules objects, the action to take for the rule. Possible values include:
|
Program |
String |
The name of a program to which the custom firewall rule applies. If you do not want to limit the rule to a single program, set the value of this key to Any. |
LocalAddress |
String |
An IP address of a local machine to which the custom firewall rule should apply. If you do not want to limit the rule to this IP address, set the value of this key to Any. |
RemoteAddress |
String |
An IP address of a remote machine to which the custom firewall rule should apply. If you do not want to limit the rule to this IP address, set the value of this key to Any. |
Protocol |
Enumm |
The protocol to allow for communication based on this custom firewall rule. Possible values include:
If you do not want to limit the protocol for communication, set the value of this key to Any. |
LocalPort |
Integer |
The port on a local machine to which to limit the communication based on this custom firewall rule. If you do not want to limit the communication to a specific port, set the value of this key to Any. |
RemotePort |
Integer |
The port on a remote machine to which to limit the communication based on this custom firewall rule. If you do not want to limit the communication to a specific port, set the value of this key to Any. |
AuthorizedUsers |
String |
Set the value of this key to Any except in advanced circumstances. |
AuthorizedComputers |
String |
Set the value of this key to Any except in advanced circumstances. |
AuthorizedLocalPrincipals |
String |
Set the value of this key to Any except in advanced circumstances. |
LocalUserOwner |
String |
Set the value of this key to Any except in advanced circumstances. |
ApplicationPackage |
String |
Set the value of this key to Any except in advanced circumstances. |