Retrieve Details on a Sensor Policy
Endpoint URL: https://<your server>/rest/policies/:policy ID
Endpoint URI: policies/:policy ID
Action: GET
Retrieves the settings for a specific sensor policy with the appropriate settings.
You must be assigned the System Admin role and Sensor Admin L1 role (if your Cybereason environment uses sensor grouping) to send requests to this endpoint URL.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
URL/URI parameters: You must add the string with the unique identifier the Cybereason platform uses for the policy as part of the URL for this request.
Request Body Parameters: None
Response Status Codes
This request can return the following status codes:
200: Success OK with a success or failure message.
Response Success Schema
The response body to create a sensor policy includes many objects (parts):
Note
Not all objects or fields may be relevant for your environment, depending on the features you have enabled in your environment.
See the relevant fields in the linked topics above.
Response Failure Schema
A 200 error with a message describing the error
Important Response Fields
Important information is found in these fields:
id: The unique identifier the Cybereason platform uses for the policy. This ensures that the policy is created.
name: The name for the policy.
Example: Retrieve details for a sensor policy
Request
curl --request GET \
--url https://12.34.56.78/rest/policies/c24518b3-799d-41fe-8520-c55bed63aafc \
--header 'Content-Type:application/json' \
Response
{
"nameDescription": {
"name": "Test Policy",
"description": "For Creation Testing",
"notes": ""
},
"antiMalware": {
"enabled": false,
"signatureMode": "DISABLED",
"documentProtectionMode": "DISABLED",
"documentProtectionSensitivityLevel": "CAUTIOUS",
"documentProtectionExclusions": [],
"detectMode": 1,
"preventMode": 1,
"quarantineMaliciousFiles": false,
"scanDllFiles": false,
"exclusions": [],
"quickScanEnabled": false,
"quickScan": {
"period": "DAILY",
"periodicHour": 12,
"periodicDay": 0,
"periodicOccurrence": 1
},
"quickScanMode": "SCAN",
"fullScanEnabled": false,
"fullScan": {
"period": "WEEKLY",
"periodicHour": 16,
"periodicDay": 3,
"periodicOccurrence": 1
},
"fullScanMode": "SKIP",
"localUpdateServerUrl": "",
"updateFrequencyIntervalMin": 15,
"limitFileExtensions": true,
"ignoreNetworkPaths": true,
"scanArchives": false
},
"antiExploit": {
"enabled": false,
"antiExploitMode": "EXISTING",
"antiExploitExclusions": []
},
"powershellProtection": {
"enabled": false,
"downloadExecute": "DISABLED",
"maliciousDownloads": "DISABLED",
"urlAndDomainExclusions": [],
"scriptAnalysis": "DISABLED",
"patternExclusions": [],
"floatingLoadedModules": "DISABLED",
"moduleExclusions": [],
"dotNetToJScript": "DISABLED",
"processExclusions": []
},
"antiRansomware": {
"mode": "DISABLED",
"canaryFiles": {
"rootDrives": {
"enabled": false,
"status": "VISIBLE"
},
"desktop": {
"enabled": false,
"status": "SYSTEM_HIDDEN"
},
"usersFolder": {
"enabled": false,
"status": "HIDDEN"
},
"usersDocuments": {
"enabled": false,
"status": "HIDDEN"
},
"folderSuffix": "",
"fileSuffix": ""
},
"shadowCopyEnabled": true,
"mbrEnabled": true,
"exclusions": [],
"processEnablers": [
{
"processName": "vssadmin",
"enabled": false
},
{
"processName": "wmic",
"enabled": false
},
{
"processName": "cmd",
"enabled": false
},
{
"processName": "iexplore",
"enabled": false
},
{
"processName": "powershell",
"enabled": false
},
{
"processName": "wscript",
"enabled": false
},
{
"processName": "cscript",
"enabled": false
},
{
"processName": "rundll32",
"enabled": false
},
{
"processName": "dllhost",
"enabled": false
},
{
"processName": "taskhost",
"enabled": false
},
{
"processName": "taskeng",
"enabled": false
},
{
"processName": "taskhostw",
"enabled": false
},
{
"processName": "msiexec",
"enabled": false
},
{
"processName": "python",
"enabled": false
}
]
},
"appControl": {
"enabled": false
},
"endpointProtection": {
"usbControlEnabled": false,
"usbBlockEnabled": false,
"usbExclusions": [],
"personalFirewallEnabled": false,
"privateNetworks": false,
"publicNetworks": false,
"domains": false,
"inboundRules": [],
"outboundRules": []
},
"collectionFeatures": {
"dpiEnabled": false,
"dpiProxyVisibility": false,
"dpiLateralMovement": false,
"metadataEnabled": true,
"metadataWord": true,
"metadataExcel": true,
"metadataPowerpoint": true,
"metadataAcrobat": true,
"metadataPowershell": true,
"fileEventsEnabled": false,
"fileEventsExclusions": [],
"registryEventsEnabled": false,
"registryEventsInclusions": [
{
"dataHash": "38ee64726b618d54e8efdf8002d08b1d9228825c73657e3a0140be9613f975f2",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f7979c35f63713493226eea8cdaf860c2ee104aed49e1ebfe9aa212464826e7f",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Runonce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "b853903ca88dc1ad1c7544aef497c5b26c67f6291838c146d3f89b780c056175",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunonceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2dc3e39b20e5f0fc6c1bcf7d266593a04b5f427dbd0b1066bd3e55715f2ab382",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "064982d7b6685c36730d43ce19deef34028ba070cbdda1a131a93141b8345cd5",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "4ebbe19a0c91fda995f0b82fc835e514aa51f364c82f2d767442a1e78736670b",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6cea5a60c44f01832522a89c8285000fd5e454a82333210666a014e93bf4d5c9",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "804c45855ef7ee1f0941831459d015bf6ae9dd4d7f8499d547efbfb1094ae1d1",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "81fb85d4952e6d2a4309d6278979cd6fcf01153f70e166b4a4ac1232475cbfeb",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2d49600a1fbb0356d03e22d28175303f9b4388ec7266327cbd67db9e449bdb7a",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6750d847289fd91cab6b5ce1973fbf79bde7e07bb85ced2072af9d5f89e6e1de",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Runonce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6bd5f793189dc4bc8a9f6bfaffd47b0a8be198c2ffd971670e7656c50acd33c9",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunonceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f76abe5469733b80a612ac12c76a511869a417985c958aa2f184aa6a4a4264ea",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "bbff6d2d8396c7489092806aed7389ee40133b3027298c8661db08a3b9e9a584",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f0baf48927bd53cf77dc683c634d39e6cb18ac95ea966102dd10cd72947d0f71",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "54ba23c2748b2123ec096e83e5a77d4f264d9636c9af4be494e2b4465bbba4e0",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "27bc3a29025d0913a85b3b17dfd69e06562271e58fabc4e898c16a06c007bc4b",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "b4f917af8940eabf1e3b11f97c277d3e10c042eddef4a6c2aa3a9be31d3c30d1",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "11059bdb9b8df3220607bd05b43f13e19a7c38551911fb968285125a1192889d",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "60cbe8b3b3142737b347c59e1c270746726a6f1a2c1f19c36ef5680dc1769485",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "56d236e398bb25b5de834e21994c4acc42a2a497c2d38b1fb519b031df0a8db2",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "11c2e69c79868493ca2b467a926901f97add05a8efd0893e10b7570ea9cb574f",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "50bccae1f70407641b1589af842af6afa38b72cb80bce029f4562cb9bd0e0390",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "83778a9f4c624290c55857d40bfb437ec008cf96087dba7c23c5199c0352d195",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "2028462966ff1badf8eceb4bd9e7c716154c799545ca44a31e74dd10ad9bca4a",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "39d4d043291caa4ce87f0fcd002f3b1918529dbfcc1eb14d46d434476438b3f5",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"AppSetup",
"Shell",
"Userinit",
"VmApplet",
"Taskman"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "7bc1354da25558d0d558263453744e82e780f2ba44d84f9fdd2701567b877338",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"Shell",
"ShellInfrastructure"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "e3a30ad39906d0a7efa3e307cb4c2cbf8fa97a6e6e277d5e611152580d899f8d",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"shell"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "bcd46f7fc7177bf8308da9b8722840171446a22a2256d52161c66ebe1bd38f4a",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"ShellInfrastructure"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "34daf7d2e2ddf1e3567a008428657735efc87cb2417bd9eb9a948f1698ef2498",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\AlternateShells\\AvailableShells",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f39bc2553f35000d92da7d4fe72abcc941125021a0d0940e23ba6a8aa79263a0",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GpExtensions",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "01dea2465bc741bc5758e313059c5c0a6f8407d79e1437217c7cf3e0ab5f7081",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "2ae121e37f180810e9940f05c9b8496a53c481a2a92cdcaa4c4eb7a5701112c4",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "7cb864762bed644eb1952452f0def7162d641e1af6d3d9485d6489989a99c0ed",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "d79709146bb530c05b116dfb4269db245c0f0ab4cfb800bc71183ea21e26aa5c",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"values": [
"Appinit_Dlls"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "cc00e083a8d2b60d033d05569cb6a543033d66d724a3508d6ef8160ea45575a6",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"values": [
"Appinit_Dlls"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "eafd4a47d5b08d4e934235aa3f9ebbf4179ab5e4fa626fb228ee94d33b5c63f2",
"key": "HKLM\\SOFTWARE\\Classes\\Exefile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2bfbb72e6b362977ac932a15554a3b089999bf990548fa7fd5b1708f5016d5b2",
"key": "HKCR\\Exefile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2292a34c8f0e62fd0ae899ff174a2305db811aabfae9eabcbfc1ea7c81433d8c",
"key": "HKLM\\SOFTWARE\\Classes\\batfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "1876369d92dea7c6760ad6e4e377f2f5160e125a7585ebb4ff8fd99d51d3803a",
"key": "HKCR\\batfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "93c8a4efc631822be15a81088a3e20a68baf8b2edec8a0b71b33f1c6cc4de6a5",
"key": "HKLM\\SOFTWARE\\Classes\\comfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "d92d9c77c921187f23c8be5e952c2003ba9f5441d57a5bbd1c5489f6040bdf9e",
"key": "HKCR\\comfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "5c0313c34991ffabdcf5e9f69001ae86029868c28d1d9b5d9a59b580e3b449eb",
"key": "HKLM\\SOFTWARE\\Classes\\piffile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "5cb7c45f45febe58850faaf800d5f1d6151392bffbf9d54369b792cc2236a725",
"key": "HKCR\\piffile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "c385ffc73b20bf66aa5c29c6ba470803de876d647675f07b486373a52694cb69",
"key": "HKLM\\SOFTWARE\\Classes\\Htmlfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "3cd5219ee1d06e7279d74a60455c58676b23e16fe4a3cce4194cc5d6fb2597f4",
"key": "HKCR\\Htmlfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "af2cbe0620c7f9b6a93e4986137990e45105ba4cf1a1c38fa2a329323e620400",
"key": "HKLM\\SOFTWARE\\Classes\\htafile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f850fd6fdce004208c3f5095d4505fc42cf6dce0b4ded541f6cd7eade67f997c",
"key": "HKCR\\htafile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "c3d7d60e2aba4c91ed55fd25c319c669f52fc8d0287796442a1d400972ec8644",
"key": "HKLM\\System\\CurrentControlSet\\Control\\Session Manager",
"values": [
"BootExecute"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "863db81427ddfdd8d9559dae21feba62dc8fd35c4111544b14351f93c2280d31",
"key": "HKLM\\System\\CurrentControlSet\\Control\\Print\\Monitors",
"values": [
"Driver"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "6963bda9646e22bb3a4a4cbfdf75c6fef7ff61627b993d3ed195612ee929dd18",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\Services",
"values": [
"ImagePath",
"ObjectName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "458572e82a87ad5cd68cf499467347a1749adb64ea67f945a14f41f4bef538fc",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"values": [
"Debugger"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "34a18851fdd2c1b11554022a32cfe0abc5419d182b6aab85cacf72d495a5d592",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BitLocker",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "083305cf04942082a1b6a280b849d2f1a36402af91f3954a59e7e63b8a8aa65b",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BitLockerSQM",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
}
],
"smartFilteringEnabled": false,
"smartFilteringProcessWhitelist": [],
"smartFilteringBudgetCap": 50
},
"endpointUiSettings": {
"systemTrayIconEnabled": true,
"notifications": {
"signaturesAV": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"artificialIntelligence": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"powerShell": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"ransomware": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"remediationAction": {
"enabled": false,
"status": "PREVENTION_ONLY"
}
}
}
}
Request
Response
{
"nameDescription": {
"name": "Test Policy",
"description": "For Creation Testing",
"notes": ""
},
"antiMalware": {
"enabled": false,
"signatureMode": "DISABLED",
"documentProtectionMode": "DISABLED",
"documentProtectionSensitivityLevel": "CAUTIOUS",
"documentProtectionExclusions": [],
"detectMode": 1,
"preventMode": 1,
"quarantineMaliciousFiles": false,
"scanDllFiles": false,
"exclusions": [],
"quickScanEnabled": false,
"quickScan": {
"period": "DAILY",
"periodicHour": 12,
"periodicDay": 0,
"periodicOccurrence": 1
},
"quickScanMode": "SCAN",
"fullScanEnabled": false,
"fullScan": {
"period": "WEEKLY",
"periodicHour": 16,
"periodicDay": 3,
"periodicOccurrence": 1
},
"fullScanMode": "SKIP",
"localUpdateServerUrl": "",
"updateFrequencyIntervalMin": 15,
"limitFileExtensions": true,
"ignoreNetworkPaths": true,
"scanArchives": false
},
"antiExploit": {
"enabled": false,
"antiExploitMode": "EXISTING",
"antiExploitExclusions": []
},
"powershellProtection": {
"enabled": false,
"downloadExecute": "DISABLED",
"maliciousDownloads": "DISABLED",
"urlAndDomainExclusions": [],
"scriptAnalysis": "DISABLED",
"patternExclusions": [],
"floatingLoadedModules": "DISABLED",
"moduleExclusions": [],
"dotNetToJScript": "DISABLED",
"processExclusions": []
},
"antiRansomware": {
"mode": "DISABLED",
"canaryFiles": {
"rootDrives": {
"enabled": false,
"status": "VISIBLE"
},
"desktop": {
"enabled": false,
"status": "SYSTEM_HIDDEN"
},
"usersFolder": {
"enabled": false,
"status": "HIDDEN"
},
"usersDocuments": {
"enabled": false,
"status": "HIDDEN"
},
"folderSuffix": "",
"fileSuffix": ""
},
"shadowCopyEnabled": true,
"mbrEnabled": true,
"exclusions": [],
"processEnablers": [
{
"processName": "vssadmin",
"enabled": false
},
{
"processName": "wmic",
"enabled": false
},
{
"processName": "cmd",
"enabled": false
},
{
"processName": "iexplore",
"enabled": false
},
{
"processName": "powershell",
"enabled": false
},
{
"processName": "wscript",
"enabled": false
},
{
"processName": "cscript",
"enabled": false
},
{
"processName": "rundll32",
"enabled": false
},
{
"processName": "dllhost",
"enabled": false
},
{
"processName": "taskhost",
"enabled": false
},
{
"processName": "taskeng",
"enabled": false
},
{
"processName": "taskhostw",
"enabled": false
},
{
"processName": "msiexec",
"enabled": false
},
{
"processName": "python",
"enabled": false
}
]
},
"appControl": {
"enabled": false
},
"endpointProtection": {
"usbControlEnabled": false,
"usbBlockEnabled": false,
"usbExclusions": [],
"personalFirewallEnabled": false,
"privateNetworks": false,
"publicNetworks": false,
"domains": false,
"inboundRules": [],
"outboundRules": []
},
"collectionFeatures": {
"dpiEnabled": false,
"dpiProxyVisibility": false,
"dpiLateralMovement": false,
"metadataEnabled": true,
"metadataWord": true,
"metadataExcel": true,
"metadataPowerpoint": true,
"metadataAcrobat": true,
"metadataPowershell": true,
"fileEventsEnabled": false,
"fileEventsExclusions": [],
"registryEventsEnabled": false,
"registryEventsInclusions": [
{
"dataHash": "38ee64726b618d54e8efdf8002d08b1d9228825c73657e3a0140be9613f975f2",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f7979c35f63713493226eea8cdaf860c2ee104aed49e1ebfe9aa212464826e7f",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Runonce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "b853903ca88dc1ad1c7544aef497c5b26c67f6291838c146d3f89b780c056175",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunonceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2dc3e39b20e5f0fc6c1bcf7d266593a04b5f427dbd0b1066bd3e55715f2ab382",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "064982d7b6685c36730d43ce19deef34028ba070cbdda1a131a93141b8345cd5",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "4ebbe19a0c91fda995f0b82fc835e514aa51f364c82f2d767442a1e78736670b",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6cea5a60c44f01832522a89c8285000fd5e454a82333210666a014e93bf4d5c9",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "804c45855ef7ee1f0941831459d015bf6ae9dd4d7f8499d547efbfb1094ae1d1",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "81fb85d4952e6d2a4309d6278979cd6fcf01153f70e166b4a4ac1232475cbfeb",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2d49600a1fbb0356d03e22d28175303f9b4388ec7266327cbd67db9e449bdb7a",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6750d847289fd91cab6b5ce1973fbf79bde7e07bb85ced2072af9d5f89e6e1de",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Runonce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6bd5f793189dc4bc8a9f6bfaffd47b0a8be198c2ffd971670e7656c50acd33c9",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunonceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f76abe5469733b80a612ac12c76a511869a417985c958aa2f184aa6a4a4264ea",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "bbff6d2d8396c7489092806aed7389ee40133b3027298c8661db08a3b9e9a584",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f0baf48927bd53cf77dc683c634d39e6cb18ac95ea966102dd10cd72947d0f71",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "54ba23c2748b2123ec096e83e5a77d4f264d9636c9af4be494e2b4465bbba4e0",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "27bc3a29025d0913a85b3b17dfd69e06562271e58fabc4e898c16a06c007bc4b",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "b4f917af8940eabf1e3b11f97c277d3e10c042eddef4a6c2aa3a9be31d3c30d1",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "11059bdb9b8df3220607bd05b43f13e19a7c38551911fb968285125a1192889d",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "60cbe8b3b3142737b347c59e1c270746726a6f1a2c1f19c36ef5680dc1769485",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "56d236e398bb25b5de834e21994c4acc42a2a497c2d38b1fb519b031df0a8db2",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "11c2e69c79868493ca2b467a926901f97add05a8efd0893e10b7570ea9cb574f",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "50bccae1f70407641b1589af842af6afa38b72cb80bce029f4562cb9bd0e0390",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "83778a9f4c624290c55857d40bfb437ec008cf96087dba7c23c5199c0352d195",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "2028462966ff1badf8eceb4bd9e7c716154c799545ca44a31e74dd10ad9bca4a",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "39d4d043291caa4ce87f0fcd002f3b1918529dbfcc1eb14d46d434476438b3f5",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"AppSetup",
"Shell",
"Userinit",
"VmApplet",
"Taskman"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "7bc1354da25558d0d558263453744e82e780f2ba44d84f9fdd2701567b877338",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"Shell",
"ShellInfrastructure"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "e3a30ad39906d0a7efa3e307cb4c2cbf8fa97a6e6e277d5e611152580d899f8d",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"shell"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "bcd46f7fc7177bf8308da9b8722840171446a22a2256d52161c66ebe1bd38f4a",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"ShellInfrastructure"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "34daf7d2e2ddf1e3567a008428657735efc87cb2417bd9eb9a948f1698ef2498",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\AlternateShells\\AvailableShells",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f39bc2553f35000d92da7d4fe72abcc941125021a0d0940e23ba6a8aa79263a0",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GpExtensions",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "01dea2465bc741bc5758e313059c5c0a6f8407d79e1437217c7cf3e0ab5f7081",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "2ae121e37f180810e9940f05c9b8496a53c481a2a92cdcaa4c4eb7a5701112c4",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "7cb864762bed644eb1952452f0def7162d641e1af6d3d9485d6489989a99c0ed",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "d79709146bb530c05b116dfb4269db245c0f0ab4cfb800bc71183ea21e26aa5c",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"values": [
"Appinit_Dlls"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "cc00e083a8d2b60d033d05569cb6a543033d66d724a3508d6ef8160ea45575a6",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"values": [
"Appinit_Dlls"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "eafd4a47d5b08d4e934235aa3f9ebbf4179ab5e4fa626fb228ee94d33b5c63f2",
"key": "HKLM\\SOFTWARE\\Classes\\Exefile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2bfbb72e6b362977ac932a15554a3b089999bf990548fa7fd5b1708f5016d5b2",
"key": "HKCR\\Exefile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2292a34c8f0e62fd0ae899ff174a2305db811aabfae9eabcbfc1ea7c81433d8c",
"key": "HKLM\\SOFTWARE\\Classes\\batfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "1876369d92dea7c6760ad6e4e377f2f5160e125a7585ebb4ff8fd99d51d3803a",
"key": "HKCR\\batfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "93c8a4efc631822be15a81088a3e20a68baf8b2edec8a0b71b33f1c6cc4de6a5",
"key": "HKLM\\SOFTWARE\\Classes\\comfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "d92d9c77c921187f23c8be5e952c2003ba9f5441d57a5bbd1c5489f6040bdf9e",
"key": "HKCR\\comfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "5c0313c34991ffabdcf5e9f69001ae86029868c28d1d9b5d9a59b580e3b449eb",
"key": "HKLM\\SOFTWARE\\Classes\\piffile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "5cb7c45f45febe58850faaf800d5f1d6151392bffbf9d54369b792cc2236a725",
"key": "HKCR\\piffile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "c385ffc73b20bf66aa5c29c6ba470803de876d647675f07b486373a52694cb69",
"key": "HKLM\\SOFTWARE\\Classes\\Htmlfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "3cd5219ee1d06e7279d74a60455c58676b23e16fe4a3cce4194cc5d6fb2597f4",
"key": "HKCR\\Htmlfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "af2cbe0620c7f9b6a93e4986137990e45105ba4cf1a1c38fa2a329323e620400",
"key": "HKLM\\SOFTWARE\\Classes\\htafile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f850fd6fdce004208c3f5095d4505fc42cf6dce0b4ded541f6cd7eade67f997c",
"key": "HKCR\\htafile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "c3d7d60e2aba4c91ed55fd25c319c669f52fc8d0287796442a1d400972ec8644",
"key": "HKLM\\System\\CurrentControlSet\\Control\\Session Manager",
"values": [
"BootExecute"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "863db81427ddfdd8d9559dae21feba62dc8fd35c4111544b14351f93c2280d31",
"key": "HKLM\\System\\CurrentControlSet\\Control\\Print\\Monitors",
"values": [
"Driver"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "6963bda9646e22bb3a4a4cbfdf75c6fef7ff61627b993d3ed195612ee929dd18",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\Services",
"values": [
"ImagePath",
"ObjectName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "458572e82a87ad5cd68cf499467347a1749adb64ea67f945a14f41f4bef538fc",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"values": [
"Debugger"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "34a18851fdd2c1b11554022a32cfe0abc5419d182b6aab85cacf72d495a5d592",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BitLocker",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "083305cf04942082a1b6a280b849d2f1a36402af91f3954a59e7e63b8a8aa65b",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BitLockerSQM",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
}
],
"smartFilteringEnabled": false,
"smartFilteringProcessWhitelist": [],
"smartFilteringBudgetCap": 50
},
"endpointUiSettings": {
"systemTrayIconEnabled": true,
"notifications": {
"signaturesAV": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"artificialIntelligence": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"powerShell": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"ransomware": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"remediationAction": {
"enabled": false,
"status": "PREVENTION_ONLY"
}
}
}
}
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
policy_id = "c24518b3-799d-41fe-8520-c55bed63aafc"
endpoint_url = "/rest/policies/"
api_url = base_url + endpoint_url + str(policy_id)
api_response = session.request("GET", api_url, headers=headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
{
"nameDescription": {
"name": "Test Policy",
"description": "For Creation Testing",
"notes": ""
},
"antiMalware": {
"enabled": false,
"signatureMode": "DISABLED",
"documentProtectionMode": "DISABLED",
"documentProtectionSensitivityLevel": "CAUTIOUS",
"documentProtectionExclusions": [],
"detectMode": 1,
"preventMode": 1,
"quarantineMaliciousFiles": false,
"scanDllFiles": false,
"exclusions": [],
"quickScanEnabled": false,
"quickScan": {
"period": "DAILY",
"periodicHour": 12,
"periodicDay": 0,
"periodicOccurrence": 1
},
"quickScanMode": "SCAN",
"fullScanEnabled": false,
"fullScan": {
"period": "WEEKLY",
"periodicHour": 16,
"periodicDay": 3,
"periodicOccurrence": 1
},
"fullScanMode": "SKIP",
"localUpdateServerUrl": "",
"updateFrequencyIntervalMin": 15,
"limitFileExtensions": true,
"ignoreNetworkPaths": true,
"scanArchives": false
},
"antiExploit": {
"enabled": false,
"antiExploitMode": "EXISTING",
"antiExploitExclusions": []
},
"powershellProtection": {
"enabled": false,
"downloadExecute": "DISABLED",
"maliciousDownloads": "DISABLED",
"urlAndDomainExclusions": [],
"scriptAnalysis": "DISABLED",
"patternExclusions": [],
"floatingLoadedModules": "DISABLED",
"moduleExclusions": [],
"dotNetToJScript": "DISABLED",
"processExclusions": []
},
"antiRansomware": {
"mode": "DISABLED",
"canaryFiles": {
"rootDrives": {
"enabled": false,
"status": "VISIBLE"
},
"desktop": {
"enabled": false,
"status": "SYSTEM_HIDDEN"
},
"usersFolder": {
"enabled": false,
"status": "HIDDEN"
},
"usersDocuments": {
"enabled": false,
"status": "HIDDEN"
},
"folderSuffix": "",
"fileSuffix": ""
},
"shadowCopyEnabled": true,
"mbrEnabled": true,
"exclusions": [],
"processEnablers": [
{
"processName": "vssadmin",
"enabled": false
},
{
"processName": "wmic",
"enabled": false
},
{
"processName": "cmd",
"enabled": false
},
{
"processName": "iexplore",
"enabled": false
},
{
"processName": "powershell",
"enabled": false
},
{
"processName": "wscript",
"enabled": false
},
{
"processName": "cscript",
"enabled": false
},
{
"processName": "rundll32",
"enabled": false
},
{
"processName": "dllhost",
"enabled": false
},
{
"processName": "taskhost",
"enabled": false
},
{
"processName": "taskeng",
"enabled": false
},
{
"processName": "taskhostw",
"enabled": false
},
{
"processName": "msiexec",
"enabled": false
},
{
"processName": "python",
"enabled": false
}
]
},
"appControl": {
"enabled": false
},
"endpointProtection": {
"usbControlEnabled": false,
"usbBlockEnabled": false,
"usbExclusions": [],
"personalFirewallEnabled": false,
"privateNetworks": false,
"publicNetworks": false,
"domains": false,
"inboundRules": [],
"outboundRules": []
},
"collectionFeatures": {
"dpiEnabled": false,
"dpiProxyVisibility": false,
"dpiLateralMovement": false,
"metadataEnabled": true,
"metadataWord": true,
"metadataExcel": true,
"metadataPowerpoint": true,
"metadataAcrobat": true,
"metadataPowershell": true,
"fileEventsEnabled": false,
"fileEventsExclusions": [],
"registryEventsEnabled": false,
"registryEventsInclusions": [
{
"dataHash": "38ee64726b618d54e8efdf8002d08b1d9228825c73657e3a0140be9613f975f2",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f7979c35f63713493226eea8cdaf860c2ee104aed49e1ebfe9aa212464826e7f",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Runonce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "b853903ca88dc1ad1c7544aef497c5b26c67f6291838c146d3f89b780c056175",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunonceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2dc3e39b20e5f0fc6c1bcf7d266593a04b5f427dbd0b1066bd3e55715f2ab382",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "064982d7b6685c36730d43ce19deef34028ba070cbdda1a131a93141b8345cd5",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "4ebbe19a0c91fda995f0b82fc835e514aa51f364c82f2d767442a1e78736670b",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6cea5a60c44f01832522a89c8285000fd5e454a82333210666a014e93bf4d5c9",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "804c45855ef7ee1f0941831459d015bf6ae9dd4d7f8499d547efbfb1094ae1d1",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "81fb85d4952e6d2a4309d6278979cd6fcf01153f70e166b4a4ac1232475cbfeb",
"key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2d49600a1fbb0356d03e22d28175303f9b4388ec7266327cbd67db9e449bdb7a",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6750d847289fd91cab6b5ce1973fbf79bde7e07bb85ced2072af9d5f89e6e1de",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Runonce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "6bd5f793189dc4bc8a9f6bfaffd47b0a8be198c2ffd971670e7656c50acd33c9",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunonceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f76abe5469733b80a612ac12c76a511869a417985c958aa2f184aa6a4a4264ea",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "bbff6d2d8396c7489092806aed7389ee40133b3027298c8661db08a3b9e9a584",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f0baf48927bd53cf77dc683c634d39e6cb18ac95ea966102dd10cd72947d0f71",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "54ba23c2748b2123ec096e83e5a77d4f264d9636c9af4be494e2b4465bbba4e0",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "27bc3a29025d0913a85b3b17dfd69e06562271e58fabc4e898c16a06c007bc4b",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "b4f917af8940eabf1e3b11f97c277d3e10c042eddef4a6c2aa3a9be31d3c30d1",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "11059bdb9b8df3220607bd05b43f13e19a7c38551911fb968285125a1192889d",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "60cbe8b3b3142737b347c59e1c270746726a6f1a2c1f19c36ef5680dc1769485",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "56d236e398bb25b5de834e21994c4acc42a2a497c2d38b1fb519b031df0a8db2",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "11c2e69c79868493ca2b467a926901f97add05a8efd0893e10b7570ea9cb574f",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "50bccae1f70407641b1589af842af6afa38b72cb80bce029f4562cb9bd0e0390",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "83778a9f4c624290c55857d40bfb437ec008cf96087dba7c23c5199c0352d195",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "2028462966ff1badf8eceb4bd9e7c716154c799545ca44a31e74dd10ad9bca4a",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths",
"values": [
"(default)"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "39d4d043291caa4ce87f0fcd002f3b1918529dbfcc1eb14d46d434476438b3f5",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"AppSetup",
"Shell",
"Userinit",
"VmApplet",
"Taskman"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "7bc1354da25558d0d558263453744e82e780f2ba44d84f9fdd2701567b877338",
"key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"Shell",
"ShellInfrastructure"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "e3a30ad39906d0a7efa3e307cb4c2cbf8fa97a6e6e277d5e611152580d899f8d",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"shell"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "bcd46f7fc7177bf8308da9b8722840171446a22a2256d52161c66ebe1bd38f4a",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"values": [
"ShellInfrastructure"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "34daf7d2e2ddf1e3567a008428657735efc87cb2417bd9eb9a948f1698ef2498",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\AlternateShells\\AvailableShells",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f39bc2553f35000d92da7d4fe72abcc941125021a0d0940e23ba6a8aa79263a0",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GpExtensions",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "01dea2465bc741bc5758e313059c5c0a6f8407d79e1437217c7cf3e0ab5f7081",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "2ae121e37f180810e9940f05c9b8496a53c481a2a92cdcaa4c4eb7a5701112c4",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "7cb864762bed644eb1952452f0def7162d641e1af6d3d9485d6489989a99c0ed",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
"values": [
"DllName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "d79709146bb530c05b116dfb4269db245c0f0ab4cfb800bc71183ea21e26aa5c",
"key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"values": [
"Appinit_Dlls"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "cc00e083a8d2b60d033d05569cb6a543033d66d724a3508d6ef8160ea45575a6",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"values": [
"Appinit_Dlls"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "eafd4a47d5b08d4e934235aa3f9ebbf4179ab5e4fa626fb228ee94d33b5c63f2",
"key": "HKLM\\SOFTWARE\\Classes\\Exefile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2bfbb72e6b362977ac932a15554a3b089999bf990548fa7fd5b1708f5016d5b2",
"key": "HKCR\\Exefile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "2292a34c8f0e62fd0ae899ff174a2305db811aabfae9eabcbfc1ea7c81433d8c",
"key": "HKLM\\SOFTWARE\\Classes\\batfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "1876369d92dea7c6760ad6e4e377f2f5160e125a7585ebb4ff8fd99d51d3803a",
"key": "HKCR\\batfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "93c8a4efc631822be15a81088a3e20a68baf8b2edec8a0b71b33f1c6cc4de6a5",
"key": "HKLM\\SOFTWARE\\Classes\\comfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "d92d9c77c921187f23c8be5e952c2003ba9f5441d57a5bbd1c5489f6040bdf9e",
"key": "HKCR\\comfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "5c0313c34991ffabdcf5e9f69001ae86029868c28d1d9b5d9a59b580e3b449eb",
"key": "HKLM\\SOFTWARE\\Classes\\piffile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "5cb7c45f45febe58850faaf800d5f1d6151392bffbf9d54369b792cc2236a725",
"key": "HKCR\\piffile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "c385ffc73b20bf66aa5c29c6ba470803de876d647675f07b486373a52694cb69",
"key": "HKLM\\SOFTWARE\\Classes\\Htmlfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "3cd5219ee1d06e7279d74a60455c58676b23e16fe4a3cce4194cc5d6fb2597f4",
"key": "HKCR\\Htmlfile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "af2cbe0620c7f9b6a93e4986137990e45105ba4cf1a1c38fa2a329323e620400",
"key": "HKLM\\SOFTWARE\\Classes\\htafile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "f850fd6fdce004208c3f5095d4505fc42cf6dce0b4ded541f6cd7eade67f997c",
"key": "HKCR\\htafile\\Shell\\Open\\Command",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "c3d7d60e2aba4c91ed55fd25c319c669f52fc8d0287796442a1d400972ec8644",
"key": "HKLM\\System\\CurrentControlSet\\Control\\Session Manager",
"values": [
"BootExecute"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "863db81427ddfdd8d9559dae21feba62dc8fd35c4111544b14351f93c2280d31",
"key": "HKLM\\System\\CurrentControlSet\\Control\\Print\\Monitors",
"values": [
"Driver"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "6963bda9646e22bb3a4a4cbfdf75c6fef7ff61627b993d3ed195612ee929dd18",
"key": "HKLM\\SYSTEM\\CurrentControlSet\\Services",
"values": [
"ImagePath",
"ObjectName"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "458572e82a87ad5cd68cf499467347a1749adb64ea67f945a14f41f4bef538fc",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"values": [
"Debugger"
],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": true
},
{
"dataHash": "34a18851fdd2c1b11554022a32cfe0abc5419d182b6aab85cacf72d495a5d592",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BitLocker",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
},
{
"dataHash": "083305cf04942082a1b6a280b849d2f1a36402af91f3954a59e7e63b8a8aa65b",
"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BitLockerSQM",
"values": [],
"modifiedBy": "Cybereason",
"lastModified": 1553423190814,
"depth": false
}
],
"smartFilteringEnabled": false,
"smartFilteringProcessWhitelist": [],
"smartFilteringBudgetCap": 50
},
"endpointUiSettings": {
"systemTrayIconEnabled": true,
"notifications": {
"signaturesAV": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"artificialIntelligence": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"powerShell": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"ransomware": {
"enabled": false,
"status": "PREVENTION_ONLY"
},
"remediationAction": {
"enabled": false,
"status": "PREVENTION_ONLY"
}
}
}
}