endpointProtection Object

The endpointProtection object contains the basic details on the Endpoint Controls settings in a sensor policy.

Note

The Endpoint Controls section of the policy (in this endpointProtection object) is not available by default in your environment. Open a Technical Support case to enable the relevant options.

Field

Type

Description

usbControlEnabled

Boolean

Indicates whether Device Control for USB drives is enabled for sensors to which this policy is assigned.

usbClassActionList

JSON object

An object containing details on the device types for which you use Device Control.

This object contains multiple objects, each for a different type of USB device.

classType

Enum

The type of USB device to which the Device Control options apply. Possible values include:

  • USB_CLASS_MASS_STORAGE: Mass storage USB devices

  • USB_CLASS_MTP: Mobile/media USB devices

The USB_CLASS_MTP option is supported in versions 21.1.103 and later.

action

Enum

The privilege access level to apply for this type of USB device. Possible values include:

  • USB_ACTION_ALLOW_ALL (for both USB_CLASS_MASS_STORAGE and USB_CLASS_MTP devices)

  • USB_ACTION_READ_ONLY (for USB_CLASS_MASS_STORAGE devices only)

  • USB_ACTION_BLOCK_ALL (for both USB_CLASS_MASS_STORAGE and USB_CLASS_MTP devices)

The USB_ACTION_READ_ONLY option is supported in versions 21.1.103 and later. If you are on a Cybereason version prior to 21.1.103 and you use the USB_ACTION_READ_ONLY option, the Cybereason platform will change the mode to USB_ACTION_ALLOW_ALL.

usbExclusions

Array

A list of devices to which you add exceptions to the Device Control modes (for the USB_CLASS_MASS_STORAGE and USB_CLASS_MTP types). Use the fields below to add the exclusion.

If you do not want to add exceptions for any devices, leave this array empty.

classType

Enum

In the usbExclusions object, the type of USB device. Possible values include:

  • USB_CLASS_MASS_STORAGE

  • USB_CLASS_MTP

vendor

String

In the usbExclusions object, the vendor for the USB device.

product

String

In the usbExclusions object, the product name for the USB device.

serial

Integer

In the usbExclusions object, the serial number of the device.

action

Enum

In the usbExclusions object, the privilege access level for the device. Possible values include:

  • USB_ACTION_ALLOW_ALL (for both USB_CLASS_MASS_STORAGE and USB_CLASS_MTP devices)

  • USB_ACTION_READ_ONLY (for USB_CLASS_MASS_STORAGE devices only)

  • USB_ACTION_BLOCK_ALL (for both USB_CLASS_MASS_STORAGE and USB_CLASS_MTP devices)

modifiedBy

String

In the usbExclusions object, the Cybereason user name for the user creating the policy.

lastModified

Long

In the usbExclusions object, the time (in milliseconds) when you create the policy.

personalFirewallEnabled

Boolean

Indicates if Personal Firewall Control is enabled for sensors to which this policy is assigned.

privateNetworks

Boolean

Indicates whether Personal Firewall Control applies to private networks on associated machines.

publicNetworks

Boolean

Indicates whether Personal Firewall Control applies to public networks on associated machines.

domains

Boolean

Indicates whether Personal Firewall Control applies to domains on associated machines.

inboundRules

Array

A list of personal firewall rules for inbound connections. If you do not want to have custom firewall rules for inbound connections, leave this array empty. Use the fields below to define a rule.

outboundRules

Array

A list of personal firewall rules for outbound connections. If you do not want to have custom firewall rules for outbound connections, leave this array empty.

Name

String

In the inboundRules or outboundRules objects, the name for a custom firewall rule.

Group

String

In the inboundRules or outboundRules objects, the group to which this rule belongs. You must leave this key with a value of Cybereason.

Profile

Enum

In the inboundRules or outboundRules objects, the network profile to which the firewall rule applies. Possible values include:

  • All: All network types

  • Domain: Domain networks

  • Public: Public networks

  • Private: Private networks

  • PrivatePublic: Private and Public networks

  • PrivateDomain: Private and Domain networks

  • PublicDomain: Public and Domain networks

If you want the custom firewall rule to apply to all network types, leave this value as Any.

Enabled

Boolean

In the inboundRules or outboundRules objects, indicates whether the rule is enabled.

Action

Enum

In the inboundRules or outboundRules objects, the action to take for the rule. Possible values include:

  • Allow: Allow all communication

  • Block: Block all communication

  • Secure: Allow communication but through secure configurations

Program

String

The name of a program to which the custom firewall rule applies. If you do not want to limit the rule to a single program, set the value of this key to Any.

LocalAddress

String

An IP address of a local machine to which the custom firewall rule should apply. If you do not want to limit the rule to this IP address, set the value of this key to Any.

RemoteAddress

String

An IP address of a remote machine to which the custom firewall rule should apply. If you do not want to limit the rule to this IP address, set the value of this key to Any.

Protocol

Enum

The protocol to allow for communication based on this custom firewall rule. Possible values include:

  • HOPOPT

  • ICMPv4

  • IGMP

  • TCP

  • UDP

  • IPv6

  • IPv6Route

  • IPv6Frag

  • GRE

  • ICMPv6

  • IPv6NoNxt

  • IPv6Opts

  • VRRP

  • PGM

  • L2TP

If you do not want to limit the protocol for communication, set the value of this key to Any.

LocalPort

Integer

The port on a local machine to which to limit the communication based on this custom firewall rule. If you do not want to limit the communication to a specific port, set the value of this key to Any.

RemotePort

Integer

The port on a remote machine to which to limit the communication based on this custom firewall rule. If you do not want to limit the communication to a specific port, set the value of this key to Any.

AuthorizedUsers

String

Set the value of this key to Any except in advanced circumstances.

AuthorizedComputers

String

Set the value of this key to Any except in advanced circumstances.

AuthorizedLocalPrincipals

String

Set the value of this key to Any except in advanced circumstances.

LocalUserOwner

String

Set the value of this key to Any except in advanced circumstances.

ApplicationPackage

String

Set the value of this key to Any except in advanced circumstances.
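
The following added example (not part of the Cybereason documentation) lints an endpointProtection object against the constraints in the table above: the classType/action combinations, the 21.1.103 version requirement for USB_ACTION_READ_ONLY and USB_CLASS_MTP, and the required Group value for firewall rules. The function name lint_endpoint_protection, the JSON nesting, the sample values, and the check for enabled Allow rules with every scope field set to Any are assumptions made for illustration.

```python
# Added example. Assumed shape (not shown on the page): usbClassActionList is a
# list or dict of {classType, action} objects; firewall rules are flat dicts.
MIN_VERSION = (21, 1, 103)  # first version with USB_CLASS_MTP / USB_ACTION_READ_ONLY
USB_ACTIONS = {
    "USB_CLASS_MASS_STORAGE": {"USB_ACTION_ALLOW_ALL", "USB_ACTION_READ_ONLY", "USB_ACTION_BLOCK_ALL"},
    "USB_CLASS_MTP": {"USB_ACTION_ALLOW_ALL", "USB_ACTION_BLOCK_ALL"},
}
FW_ACTIONS = {"Allow", "Block", "Secure"}
SCOPE_KEYS = ("Program", "LocalAddress", "RemoteAddress", "Protocol", "LocalPort", "RemotePort")

def lint_endpoint_protection(ep, sensor_version):
    """Return a list of findings for one endpointProtection object."""
    findings = []
    old = tuple(int(p) for p in sensor_version.split(".")) < MIN_VERSION
    classes = ep.get("usbClassActionList") or []
    if isinstance(classes, dict):
        classes = list(classes.values())
    for where, entries in (("usbClassActionList", classes), ("usbExclusions", ep.get("usbExclusions") or [])):
        for entry in entries:
            ctype, action = entry.get("classType"), entry.get("action")
            if ctype not in USB_ACTIONS:
                findings.append(f"{where}: unknown classType {ctype!r}")
            elif action not in USB_ACTIONS[ctype]:
                findings.append(f"{where}: {action} is not valid for {ctype}")
            elif old and action == "USB_ACTION_READ_ONLY":
                findings.append(f"{where}: USB_ACTION_READ_ONLY needs 21.1.103 or later")
            elif old and ctype == "USB_CLASS_MTP":
                findings.append(f"{where}: USB_CLASS_MTP needs 21.1.103 or later")
    for direction in ("inboundRules", "outboundRules"):
        for rule in ep.get(direction) or []:
            label = f"{direction}/{rule.get('Name', '<unnamed>')}"
            if rule.get("Group") != "Cybereason":
                findings.append(f"{label}: Group must be Cybereason")
            if rule.get("Action") not in FW_ACTIONS:
                findings.append(f"{label}: unknown Action {rule.get('Action')!r}")
            # Added heuristic, not a documented rule: an enabled Allow rule with no scoping.
            elif (rule.get("Enabled") and rule["Action"] == "Allow"
                  and all(rule.get(k, "Any") == "Any" for k in SCOPE_KEYS)):
                findings.append(f"{label}: enabled Allow rule is scoped to Any everywhere")
    return findings

# Constructed sample policy fragment (illustrative values, not from a real environment).
SAMPLE = {
    "usbClassActionList": [
        {"classType": "USB_CLASS_MASS_STORAGE", "action": "USB_ACTION_READ_ONLY"},
        {"classType": "USB_CLASS_MTP", "action": "USB_ACTION_READ_ONLY"},
    ],
    "inboundRules": [{"Name": "rdp-in", "Group": "Custom", "Enabled": True, "Action": "Allow"}],
}
```

Calling lint_endpoint_protection(SAMPLE, "20.2.50") additionally reports the mass-storage READ_ONLY entry, which per the table is changed to USB_ACTION_ALLOW_ALL on versions prior to 21.1.103.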