Create a Sensor Policy
Endpoint URL: https://<your server>/rest/policies
Endpoint URI: policies
Action: POST
Creates a sensor policy with the appropriate settings.
Before you create a new sensor policy, you should retrieve the details on an existing policy in your environment to ensure you include all the relevant fields in your request body. For details on how to retrieve details on a specific policy, see Retrieve Details on a Sensor Policy.
You must be assigned the System Admin role and Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add a Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
Input: JSON
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
{
"nameDescription":
{
"name":"<name>",
"description":"<description>",
"notes":"<note string>",
},
"antiMalware": {
"enabled":false,
"signatureMode":"<mode>",
"documentProtectionMode":"<mode>",
"documentProtectionSensitivityLevel":"<mode>",
"documentProtectionExclusions":[
{
"file":"<rule ID>",
"modifiedBy":"<user name>",
"lastModified":"1111111111111"
}
],
"detectMode":1,
"preventMode":1,
"quarantineMaliciousFiles":false,
"exclusions":[
{
"file":"<path to file>",
"modifiedBy":"<user name>",
"lastModified":1111111111111
}
],
"quickScanEnabled":false,
"quickScan": {
"period":"<time period>",
"periodicHour":12,
"periodicDay":0,
"periodicOccurrence":1
},
"quickScanMode":"<mode>",
"fullScanEnabled":false,
"fullScan": {
"period":"<time period>",
"periodicHour":16,
"periodicDay":3,
"periodicOccurrence":1
},
"fullScanMode":"<mode>",
"localUpdateServerUrl":"<server URL>",
"updateFrequencyIntervalMin":15,
"limitFileExtensions":true,
"ignoreNetworkPaths":true,
"scanArchives":false
},
"antiExploit": {
"enabled":false,
"antiExploitMode":"<mode>",
"antiExploitExclusions":[
{
"processName":"<process name>",
"modifiedBy":"<user name>",
"lastModified":1111111111111
}
]
},
"powershellProtection": {
"enabled":false,
"downloadExecute":"<mode>",
"maliciousDownloads":"<mode>",
"urlAndDomainExclusions":[
{
"file":"<domain name>",
"modifiedBy":"<user name>",
"lastModified":"1111111111111"
}
],
"scriptAnalysis":"<mode>",
"patternExclusions":[
{
"file":"<pattern name>",
"modifiedBy":"<user name>",
"lastModified":"1111111111111"
}
],
"floatingLoadedModules":"<mode>",
"moduleExclusions":[
{
"file":"<module name>",
"modifiedBy":"<user name>",
"lastModified":"1111111111111"
}
],
"dotNetToJScript":"<mode>",
"processExclusions":[
{
"file":"<process name>",
"modifiedBy":"<user name>",
"lastModified":"1111111111111"
}
],
"dotNetEnabled":true,
"amsiEnabled":true
},
"rulesEngine": {
"rulesEngineMode":"<mode>",
"pathExclusions":[
{
"file":"<process name>",
"modifiedBy":"<user name>",
"lastModified":"1111111111111"
}
],
"rulesIdExclusions":[
{
"file":"<process name>",
"modifiedBy":"<user name>",
"lastModified":"1111111111111"
}
]
},
"antiRansomware": {
"mode":"<mode>",
"canaryFiles": {
"rootDrives": {
"enabled":false,
"status":"<status>"
},
"desktop": {
"enabled":false,
"status":"<status>"
},
"usersFolder": {
"enabled":false,
"status":"<status>"
},
"usersDocuments": {
"enabled":false,
"status":"<status>"
},
"folderSuffix":"<suffix>",
"fileSuffix":"<suffix>"
},
"shadowCopyEnabled":true,
"mbrEnabled":true,
"exclusions":[
{
"file":"<file and command>",
"modifiedBy":"<user name>",
"lastModified":"1111111111111"
}
],
"processEnablers":[
{
"processName":"vssadmin",
"enabled":false
},
{
"processName":"wmic",
"enabled":false
},
{
"processName":"cmd",
"enabled":false
},
{
"processName":"iexplore",
"enabled":false
},
{
"processName":"powershell",
"enabled":false
},
{
"processName":"wscript",
"enabled":false
},
{
"processName":"cscript",
"enabled":false
},
{
"processName":"rundll32",
"enabled":false
},
{
"processName":"dllhost",
"enabled":false
},
{
"processName":"taskhost",
"enabled":false
},
{
"processName":"taskeng",
"enabled":false
},
{
"processName":"taskhostw",
"enabled":false
},
{
"processName":"msiexec",
"enabled":false
},
{
"processName":"python",
"enabled":false
}
]
},
"appControl": {
"enabled":false
},
"endpointProtection": {
"usbControlEnabled":false,
"usbClassActionList":[
{
"classType":"USB_CLASS_MASS_STORAGE",
"action":"<action>"
},
{
"classType":"USB_CLASS_MTP",
"action":"<action>"
}
],
"usbExclusions":[
{
"classType":"<device type>",
"vendor":"<vendor>",
"product":"<product name>",
"serial":"<serial number>",
"action":"<action>",
"modifiedBy":"<user>",
"lastModified":1111111111111
}
],
"personalFirewallEnabled":false,
"privateNetworks":false,
"publicNetworks":false,
"domains":false,
"inboundRules":[
{
"Name":"<rule name>",
"Group":"Cybereason",
"Profile":"<network level>",
"Enabled":"Yes",
"Action":"<action>",
"Program":"<program>",
"LocalAddress":"<IP of local machine>",
"RemoteAddress":"<IP of remote machine>",
"Protocol":"<protocol>",
"LocalPort":"<port>",
"RemotePort":"<port>",
"AuthorizedUsers":"Any",
"AuthorizedComputers":"Any",
"AuthorizedLocalPrincipals":"Any",
"LocalUserOwner":"Any",
"ApplicationPackage":"Any"
}
],
"outboundRules":[
{
"Name":"<rule name>",
"Group":"Cybereason",
"Profile":"<network level>",
"Enabled":"Yes",
"Action":"<action>",
"Program":"<program>",
"LocalAddress":"<IP of local machine>",
"RemoteAddress":"<IP of remote machine>",
"Protocol":"<protocol>",
"LocalPort":"<port>",
"RemotePort":"<port>",
"AuthorizedUsers":"Any",
"AuthorizedComputers":"Any",
"AuthorizedLocalPrincipals":"Any",
"LocalUserOwner":"Any",
"ApplicationPackage":"Any"
}
]
},
"collectionFeatures": {
"dpiEnabled":false,
"dpiProxyVisibility":false,
"dpiLateralMovement":false,
"metadataEnabled":true,
"metadataWord":true,
"metadataExcel":true,
"metadataPowerpoint":true,
"metadataAcrobat":true,
"metadataPowershell":true,
"fileEventsEnabled":false,
"fileEventsCollectionMode":"<mode>",
"fileEventsExclusions":[
{
"processName":"<process name>",
"path":"<process path>",
"modifiedBy":"<user>",
"lastModified":1111111111111
}
],
"registryEventsEnabled":false,
"registryEventsInclusions":[
{
"dataHash":"<file hash>",
"key":"<key>",
"values":[],
"modifiedBy":"Cybereason",
"lastModified":1553423190814,
"depth":false
}
]
},
"endpointUiSettings": {
"systemTrayIconEnabled":true,
"notifications": {
"signaturesAV": {
"enabled":false,
"status":"PREVENTION_ONLY"
},
"artificialIntelligence": {
"enabled":false,
"status":"PREVENTION_ONLY"
},
"powerShell": {
"enabled":false,
"status":"PREVENTION_ONLY"
},
"ransomware": {
"enabled":false,
"status":"PREVENTION_ONLY"
},
"remediationAction": {
"enabled":false,
"status":"PREVENTION_ONLY"
}
}
}
}
Request Parameters
URL/URI parameters: none
Request Body Parameters: The request body to create a sensor policy includes many objects (parts):
Note
Not all objects or fields may be relevant for your environment, depending on your Cybereason version and the features you have enabled in your environment.
See the relevant fields in the linked topics above.
Response Status Codes
This request can return the following status codes:
200: The request was processed. The response body contains a success or failure message.
400: The arguments for the request are not valid
Response Success Schema
The response includes:
Field |
Type |
Description |
---|---|---|
id |
String |
A unique ID the Cybereason platform uses for this policy. |
name |
String |
A name for the policy assigned in the request body. |
description |
String |
The description of the policy assigned in the request body. |
createdBy |
String |
The Cybereason user name of the user that created the policy. |
creationTime |
Long |
The time (in milliseconds) when the policy was created. |
assignedSensors |
Integer |
The number of sensors assigned to this policy. |
assignedGroupIds |
Array |
A collection of the groups that assign this policy to the sensors in the group. If your environment does not use sensor groups, this array is empty. |
isDefault |
Boolean |
Indicates whether this is the default policy in your Cybereason environment. |
isLegacy |
Boolean |
Indicates whether this is a policy that maintains legacy settings from sensors that existed before you used sensor policies. |
nonCompliantSensors |
Integer |
The number of sensors that report non-compliance with the policy settings. |
groupId |
String |
The ID of the group for this policy. |
Response Failure Schema
An error message describing the error.
Important Response Fields
Important information is found in these fields:
id: The unique identifier the Cybereason platform uses for the policy. A returned id confirms that the policy was created.
name: The name for the policy.
Example: Create a sensor policy
Request
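# Sample request: create a sensor policy with cURL.
#
# - The session cookie obtained at login must accompany the request. Replace
#   the --cookie placeholder with the path to your cookie file. That file holds
#   a live session credential, so keep it readable only by your own account.
# - Every "<...>" value in the body is a placeholder; replace it with a value
#   that is valid for your environment before sending.
# - The body must be strict JSON: no trailing comma after the last member of an
#   object or array.
curl --request POST \
  --url https://12.34.56.78/rest/policies \
  --cookie '<path to cookie file>' \
  --header 'Content-Type:application/json' \
  --data '{
  "nameDescription": {
    "name":"Anti-Malware policy",
    "description":"Sample policy to show only Anti-Malware settings",
    "notes":""
  },
  "antiMalware": {
    "enabled":true,
    "signatureMode":"BLOCK",
    "documentProtectionMode":"DETECT",
    "documentProtectionSensitivityLevel":"MODERATE",
    "documentProtectionExclusions":[
      {"file":"doc_mal_08","modifiedBy":"admin@yourserverlcom","lastModified":"1234567891011"}
    ],
    "detectMode":3,
    "preventMode":3,
    "quarantineMaliciousFiles":true,
    "exclusions":[],
    "quickScanEnabled":true,
    "quickScan": {
      "period":"DAILY",
      "periodicHour":12,
      "periodicDay":0,
      "periodicOccurrence":1
    },
    "quickScanMode":"SCAN",
    "fullScanEnabled":true,
    "fullScan": {
      "period":"DAILY",
      "periodicHour":16,
      "periodicDay":3,
      "periodicOccurrence":1
    },
    "fullScanMode":"SCAN",
    "localUpdateServerUrl":"https://mylocalupdateserver.cybereason.net",
    "updateFrequencyIntervalMin":15,
    "limitFileExtensions":false,
    "ignoreNetworkPaths":true,
    "scanArchives":true
  },
  "antiExploit": {
    "enabled":false,
    "antiExploitMode":"<mode>",
    "antiExploitExclusions":[
      {"processName":"<process name>","modifiedBy":"<user name>","lastModified":1111111111111}
    ]
  },
  "powershellProtection": {
    "enabled":false,
    "downloadExecute":"<mode>",
    "maliciousDownloads":"<mode>",
    "urlAndDomainExclusions":[
      {"file":"<domain name>","modifiedBy":"<user name>","lastModified":"1111111111111"}
    ],
    "scriptAnalysis":"<mode>",
    "patternExclusions":[
      {"file":"<pattern name>","modifiedBy":"<user name>","lastModified":"1111111111111"}
    ],
    "floatingLoadedModules":"<mode>",
    "moduleExclusions":[
      {"file":"<module name>","modifiedBy":"<user name>","lastModified":"1111111111111"}
    ],
    "dotNetToJScript":"<mode>",
    "processExclusions":[
      {"file":"<process name>","modifiedBy":"<user name>","lastModified":"1111111111111"}
    ],
    "dotNetEnabled":true,
    "amsiEnabled":true
  },
  "rulesEngine": {
    "rulesEngineMode":"<mode>",
    "pathExclusions":[
      {"file":"<process name>","modifiedBy":"<user name>","lastModified":"1111111111111"}
    ],
    "rulesIdExclusions":[
      {"file":"<process name>","modifiedBy":"<user name>","lastModified":"1111111111111"}
    ]
  },
  "antiRansomware": {
    "mode":"<mode>",
    "canaryFiles": {
      "rootDrives": {"enabled":false,"status":"<status>"},
      "desktop": {"enabled":false,"status":"<status>"},
      "usersFolder": {"enabled":false,"status":"<status>"},
      "usersDocuments": {"enabled":false,"status":"<status>"},
      "folderSuffix":"<suffix>",
      "fileSuffix":"<suffix>"
    },
    "shadowCopyEnabled":true,
    "mbrEnabled":true,
    "exclusions":[
      {"file":"<file and command>","modifiedBy":"<user name>","lastModified":"1111111111111"}
    ],
    "processEnablers":[
      {"processName":"vssadmin","enabled":false},
      {"processName":"wmic","enabled":false},
      {"processName":"cmd","enabled":false},
      {"processName":"iexplore","enabled":false},
      {"processName":"powershell","enabled":false},
      {"processName":"wscript","enabled":false},
      {"processName":"cscript","enabled":false},
      {"processName":"rundll32","enabled":false},
      {"processName":"dllhost","enabled":false},
      {"processName":"taskhost","enabled":false},
      {"processName":"taskeng","enabled":false},
      {"processName":"taskhostw","enabled":false},
      {"processName":"msiexec","enabled":false},
      {"processName":"python","enabled":false}
    ]
  },
  "appControl": {
    "enabled":false
  },
  "endpointProtection": {
    "usbControlEnabled":false,
    "usbClassActionList":[
      {"classType":"USB_CLASS_MASS_STORAGE","action":"<action>"},
      {"classType":"USB_CLASS_MTP","action":"<action>"}
    ],
    "usbExclusions":[
      {
        "classType":"<device type>",
        "vendor":"<vendor>",
        "product":"<product name>",
        "serial":"<serial number>",
        "action":"<action>",
        "modifiedBy":"<user>",
        "lastModified":1111111111111
      }
    ],
    "personalFirewallEnabled":false,
    "privateNetworks":false,
    "publicNetworks":false,
    "domains":false,
    "inboundRules":[
      {
        "Name":"<rule name>",
        "Group":"Cybereason",
        "Profile":"<network level>",
        "Enabled":"Yes",
        "Action":"<action>",
        "Program":"<program>",
        "LocalAddress":"<IP of local machine>",
        "RemoteAddress":"<IP of remote machine>",
        "Protocol":"<protocol>",
        "LocalPort":"<port>",
        "RemotePort":"<port>",
        "AuthorizedUsers":"Any",
        "AuthorizedComputers":"Any",
        "AuthorizedLocalPrincipals":"Any",
        "LocalUserOwner":"Any",
        "ApplicationPackage":"Any"
      }
    ],
    "outboundRules":[
      {
        "Name":"<rule name>",
        "Group":"Cybereason",
        "Profile":"<network level>",
        "Enabled":"Yes",
        "Action":"<action>",
        "Program":"<program>",
        "LocalAddress":"<IP of local machine>",
        "RemoteAddress":"<IP of remote machine>",
        "Protocol":"<protocol>",
        "LocalPort":"<port>",
        "RemotePort":"<port>",
        "AuthorizedUsers":"Any",
        "AuthorizedComputers":"Any",
        "AuthorizedLocalPrincipals":"Any",
        "LocalUserOwner":"Any",
        "ApplicationPackage":"Any"
      }
    ]
  },
  "collectionFeatures": {
    "dpiEnabled":false,
    "dpiProxyVisibility":false,
    "dpiLateralMovement":false,
    "metadataEnabled":true,
    "metadataWord":true,
    "metadataExcel":true,
    "metadataPowerpoint":true,
    "metadataAcrobat":true,
    "metadataPowershell":true,
    "fileEventsEnabled":false,
    "fileEventsCollectionMode":"<mode>",
    "fileEventsExclusions":[
      {"processName":"<process name>","path":"<process path>","modifiedBy":"<user>","lastModified":1111111111111}
    ],
    "registryEventsEnabled":false,
    "registryEventsInclusions":[
      {
        "dataHash":"<file hash>",
        "key":"<key>",
        "values":[],
        "modifiedBy":"Cybereason",
        "lastModified":1553423190814,
        "depth":false
      }
    ]
  },
  "endpointUiSettings": {
    "systemTrayIconEnabled":true,
    "notifications": {
      "signaturesAV": {"enabled":false,"status":"PREVENTION_ONLY"},
      "artificialIntelligence": {"enabled":false,"status":"PREVENTION_ONLY"},
      "powerShell": {"enabled":false,"status":"PREVENTION_ONLY"},
      "ransomware": {"enabled":false,"status":"PREVENTION_ONLY"},
      "remediationAction": {"enabled":false,"status":"PREVENTION_ONLY"}
    }
  }
}'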
Response
{
"policies": [
{
"id":"c24518b3-799d-41fe-8520-c55bed63aafc",
"name":"R&D",
"description":"Test Policy",
"createdBy":"[email protected]",
"creationTime":1570451384828,
"lastEditedBy":"[email protected]",
"lastEditedTime":1630411211018,
"assignedSensors":1,
"isDefault":false,
"nonCompliantSensors":0,
"assignedGroupIds":["e9ce9a2b-f084-4938-8690-44e0edeaf633","dcddce72-71f1-438a-aaca-90ec3c6a338b"],
"groupId":""
},
],
"total":1
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
Use this request body:
{
"nameDescription":
{
"name":"Anti-Malware policy",
"description":"Sample policy to show only Anti-Malware settings",
"notes":""
},
"antiMalware": {
"enabled":true,
"signatureMode":"BLOCK",
"documentProtectionMode":"DETECT",
"documentProtectionSensitivityLevel":"MODERATE",
"documentProtectionExclusions":[
{
"file":"doc_mal_08",
"modifiedBy":"admin@yourserverlcom",
"lastModified":"1234567891011"
}
],
"detectMode":3,
"preventMode":3,
"quarantineMaliciousFiles":true,
"exclusions":[],
"quickScanEnabled":true,
"quickScan": {
"period":"DAILY",
"periodicHour":12,
"periodicDay":0,
"periodicOccurrence":1
},
"quickScanMode":"SCAN",
"fullScanEnabled":true,
"fullScan": {
"period":"DAILY",
"periodicHour":16,
"periodicDay":3,
"periodicOccurrence":1
},
"fullScanMode":"SCAN",
"localUpdateServerUrl":"https://mylocalupdateserver.cybereason.net",
"updateFrequencyIntervalMin":15,
"limitFileExtensions":false,
"ignoreNetworkPaths":true,
"scanArchives":true
},
"antiExploit": {
"enabled":true,
"antiExploitMode":"CAUTIOUS",
"antiExploitExclusions":[]
},
"powershellProtection": {
"enabled":true,
"downloadExecute":"PREVENT",
"maliciousDownloads":"PREVENT",
"urlAndDomainExclusions":[],
"scriptAnalysis":"PREVENT",
"patternExclusions":[],
"floatingLoadedModules":"PREVENT",
"moduleExclusions":[],
"dotNetToJScript":"PREVENT",
"processExclusions":[]
},
"rulesEngine": {
"rulesEngineMode":"PREVENT",
"pathExclusions":[],
"rulesIdExclusions":[]
},
"antiRansomware": {
"mode":"SUSPEND",
"canaryFiles": {
"rootDrives": {
"enabled":true,
"status":"HIDDEN"
},
"desktop": {
"enabled":true,
"status":"HIDDEN"
},
"usersFolder": {
"enabled":true,
"status":"HIDDEN"
},
"usersDocuments": {
"enabled":true,
"status":"HIDDEN"
},
"folderSuffix":".canary",
"fileSuffix":".canary"
},
"shadowCopyEnabled":true,
"mbrEnabled":true,
"exclusions":[],
"processEnablers":[
{
"processName":"vssadmin",
"enabled":false
},
{
"processName":"wmic",
"enabled":false
},
{
"processName":"cmd",
"enabled":false
},
{
"processName":"iexplore",
"enabled":false
},
{
"processName":"powershell",
"enabled":false
},
{
"processName":"wscript",
"enabled":false
},
{
"processName":"cscript",
"enabled":false
},
{
"processName":"rundll32",
"enabled":false
},
{
"processName":"dllhost",
"enabled":false
},
{
"processName":"taskhost",
"enabled":false
},
{
"processName":"taskeng",
"enabled":false
},
{
"processName":"taskhostw",
"enabled":false
},
{
"processName":"msiexec",
"enabled":false
},
{
"processName":"python",
"enabled":false
}
]
},
"appControl": {
"enabled":true
},
"endpointProtection": {
"usbControlEnabled":true,
"usbClassActionList":[
{
"classType":"USB_CLASS_MASS_STORAGE",
"action":"USB_ACTION_READ_ONLY"
},
{
"classType":"USB_CLASS_MTP",
"action":"USB_ACTION_READ_ONLY"
}
],
"usbExclusions":[],
"personalFirewallEnabled":true,
"privateNetworks":true,
"publicNetworks":true,
"domains":true,
"inboundRules":[],
"outboundRules":[]
},
"collectionFeatures": {
"dpiEnabled":true,
"dpiProxyVisibility":true,
"dpiLateralMovement":true,
"metadataEnabled":true,
"metadataWord":true,
"metadataExcel":true,
"metadataPowerpoint":true,
"metadataAcrobat":true,
"metadataPowershell":true,
"fileEventsEnabled":true,
"fileEventsCollectionMode":"FEC_EXTENSIONS",
"fileEventsExclusions":[],
"registryEventsEnabled":false,
"registryEventsInclusions":[]
},
"endpointUiSettings": {
"systemTrayIconEnabled":true,
"notifications": {
"signaturesAV": {
"enabled":true,
"status":"PREVENTION_ONLY"
},
"artificialIntelligence": {
"enabled":true,
"status":"PREVENTION_ONLY"
},
"powerShell": {
"enabled":true,
"status":"PREVENTION_ONLY"
},
"ransomware": {
"enabled":true,
"status":"PREVENTION_ONLY"
},
"remediationAction": {
"enabled":true,
"status":"PREVENTION_ONLY"
}
}
}
}
Response
{
"policies": [
{
"id":"c24518b3-799d-41fe-8520-c55bed63aafc",
"name":"R&D",
"description":"Test Policy",
"createdBy":"[email protected]",
"creationTime":1570451384828,
"lastEditedBy":"[email protected]",
"lastEditedTime":1630411211018,
"assignedSensors":1,
"isDefault":false,
"nonCompliantSensors":0,
"assignedGroupIds":["e9ce9a2b-f084-4938-8690-44e0edeaf633","dcddce72-71f1-438a-aaca-90ec3c6a338b"],
"groupId":""
},
],
"total":1
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
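import getpass
import json
import os

import requests

# Sample script: log in to the Cybereason platform and create a sensor policy.

# Login information.
# Credentials come from the environment (the variable names below are this
# sample's own convention) or an interactive prompt, so that no password is
# stored in the script or committed to version control.
username = os.environ.get("CR_API_USERNAME") or input("Cybereason user name: ")
password = os.environ.get("CR_API_PASSWORD") or getpass.getpass("Cybereason password: ")
server = os.environ.get("CR_API_SERVER", "yourserver.com")
port = os.environ.get("CR_API_PORT", "443")

# Upper bound, in seconds, for each HTTP call so the script cannot hang forever.
REQUEST_TIMEOUT = 30

data = {
    "username": username,
    "password": password,
}
headers = {"Content-Type": "application/json"}

base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

session = requests.session()
# verify=True keeps TLS certificate validation on; do not turn it off to work
# around certificate errors, because the login sends the password.
login_response = session.post(login_url, data=data, verify=True, timeout=REQUEST_TIMEOUT)
login_response.raise_for_status()
print(login_response.status_code)
# Print only the cookie names: the values are live session credentials and
# should not end up in terminal scrollback or log files.
print(sorted(session.cookies.keys()))

# Request URL
endpoint_url = "/rest/policies"
api_url = base_url + endpoint_url

# These are the variables that represent different fields in the request.
policy_name = "Anti-Malware policy"
description = "Sample policy to show only Anti-Malware settings"
signature_mode = "BLOCK"
doc_protect_mode = "DETECT"
doc_protect_sensitivity = "MODERATE"
doc_protect_exclusion_rule = "doc_mal_08"
# NOTE(review): this address appears to have been masked by e-mail obfuscation
# on the published page; set it to the user name recorded as the modifier.
exclusion_modifier = "[email protected]"
exclusion_modification_time = 1234567891011
ai_detect_mode = 3
ai_prevent_mode = 3
scan_period = "DAILY"
quick_scan_hour = 12
quick_scan_day = 0
scan_mode = "SCAN"
full_scan_hour = 16
full_scan_day = 3
update_server_url = "https://mylocalupdateserver.cybereason.net"
update_interval = 15
anti_exploit_mode = "CAUTIOUS"
download_execute_mode = "PREVENT"
malicious_downloads_mode = "PREVENT"
script_analysis_mode = "PREVENT"
floating_modules_mode = "PREVENT"
dotNET_JScript_mode = "PREVENT"
behavioral_execution_mode = "PREVENT"
ransomware_mode = "SUSPEND"
canary_status = "HIDDEN"
canary_suffix = ".canary"
usb_action = "USB_ACTION_READ_ONLY"
file_events_collection_mode = "FEC_EXTENSIONS"

# Processes listed under antiRansomware.processEnablers, all left disabled.
process_enabler_names = [
    "vssadmin", "wmic", "cmd", "iexplore", "powershell", "wscript", "cscript",
    "rundll32", "dllhost", "taskhost", "taskeng", "taskhostw", "msiexec", "python",
]
# Notification categories under endpointUiSettings.notifications.
notification_names = [
    "signaturesAV", "artificialIntelligence", "powerShell", "ransomware",
    "remediationAction",
]

# The policy is built as a Python dict (True/False, not JSON true/false) and
# serialized once with json.dumps, which guarantees a strictly valid body.
policy = {
    "nameDescription": {
        "name": policy_name,
        "description": description,
        "notes": "",
    },
    "antiMalware": {
        "enabled": True,
        "signatureMode": signature_mode,
        "documentProtectionMode": doc_protect_mode,
        "documentProtectionSensitivityLevel": doc_protect_sensitivity,
        "documentProtectionExclusions": [
            {
                "file": doc_protect_exclusion_rule,
                "modifiedBy": exclusion_modifier,
                "lastModified": exclusion_modification_time,
            }
        ],
        "detectMode": ai_detect_mode,
        "preventMode": ai_prevent_mode,
        "quarantineMaliciousFiles": True,
        "exclusions": [],
        "quickScanEnabled": True,
        "quickScan": {
            "period": scan_period,
            "periodicHour": quick_scan_hour,
            "periodicDay": quick_scan_day,
            "periodicOccurrence": 1,
        },
        "quickScanMode": scan_mode,
        "fullScanEnabled": True,
        "fullScan": {
            "period": scan_period,
            "periodicHour": full_scan_hour,
            "periodicDay": full_scan_day,
            "periodicOccurrence": 1,
        },
        "fullScanMode": scan_mode,
        "localUpdateServerUrl": update_server_url,
        "updateFrequencyIntervalMin": update_interval,
        "limitFileExtensions": False,
        "ignoreNetworkPaths": True,
        "scanArchives": True,
    },
    "antiExploit": {
        "enabled": True,
        "antiExploitMode": anti_exploit_mode,
        "antiExploitExclusions": [],
    },
    "powershellProtection": {
        "enabled": True,
        "downloadExecute": download_execute_mode,
        "maliciousDownloads": malicious_downloads_mode,
        "urlAndDomainExclusions": [],
        "scriptAnalysis": script_analysis_mode,
        "patternExclusions": [],
        "floatingLoadedModules": floating_modules_mode,
        "moduleExclusions": [],
        # Pass the variable, not its name as a string literal.
        "dotNetToJScript": dotNET_JScript_mode,
        "processExclusions": [],
    },
    "rulesEngine": {
        "rulesEngineMode": behavioral_execution_mode,
        "pathExclusions": [],
        "rulesIdExclusions": [],
    },
    "antiRansomware": {
        "mode": ransomware_mode,
        "canaryFiles": {
            "rootDrives": {"enabled": True, "status": canary_status},
            "desktop": {"enabled": True, "status": canary_status},
            "usersFolder": {"enabled": True, "status": canary_status},
            "usersDocuments": {"enabled": True, "status": canary_status},
            "folderSuffix": canary_suffix,
            "fileSuffix": canary_suffix,
        },
        "shadowCopyEnabled": True,
        "mbrEnabled": True,
        "exclusions": [],
        "processEnablers": [
            {"processName": name, "enabled": False} for name in process_enabler_names
        ],
    },
    "appControl": {"enabled": True},
    "endpointProtection": {
        "usbControlEnabled": True,
        "usbClassActionList": [
            {"classType": "USB_CLASS_MASS_STORAGE", "action": usb_action},
            {"classType": "USB_CLASS_MTP", "action": usb_action},
        ],
        "usbExclusions": [],
        "personalFirewallEnabled": True,
        "privateNetworks": True,
        "publicNetworks": True,
        "domains": True,
        "inboundRules": [],
        "outboundRules": [],
    },
    "collectionFeatures": {
        "dpiEnabled": True,
        "dpiProxyVisibility": True,
        "dpiLateralMovement": True,
        "metadataEnabled": True,
        "metadataWord": True,
        "metadataExcel": True,
        "metadataPowerpoint": True,
        "metadataAcrobat": True,
        "metadataPowershell": True,
        "fileEventsEnabled": True,
        "fileEventsCollectionMode": file_events_collection_mode,
        "fileEventsExclusions": [],
        "registryEventsEnabled": False,
        "registryEventsInclusions": [],
    },
    "endpointUiSettings": {
        "systemTrayIconEnabled": True,
        "notifications": {
            name: {"enabled": True, "status": "PREVENTION_ONLY"}
            for name in notification_names
        },
    },
}
tags = json.dumps(policy)

api_response = session.post(api_url, data=tags, headers=headers, timeout=REQUEST_TIMEOUT)
# A 200 can still carry a failure message, so show the status and the body.
print(api_response.status_code)
try:
    your_response = json.loads(api_response.content)
except ValueError:
    # The failure response is an error message and may not be JSON.
    print(api_response.text)
else:
    print(json.dumps(your_response, indent=4, sort_keys=True))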
Response
{
"policies": [
{
"id":"c24518b3-799d-41fe-8520-c55bed63aafc",
"name":"R&D",
"description":"Test Policy",
"createdBy":"[email protected]",
"creationTime":1570451384828,
"lastEditedBy":"[email protected]",
"lastEditedTime":1630411211018,
"assignedSensors":1,
"isDefault":false,
"nonCompliantSensors":0,
"assignedGroupIds":["e9ce9a2b-f084-4938-8690-44e0edeaf633","dcddce72-71f1-438a-aaca-90ec3c6a338b"],
"groupId":""
},
],
"total":1
}