Retrieve Details on a Sensor Policy

Endpoint URL: https://<your server>/rest/policies/:policy ID
Endpoint URI: policies/:policy ID

Action: GET

Retrieves the settings for a specific sensor policy.

You must be assigned the System Admin role and, if your Cybereason environment uses sensor grouping, the Sensor Admin L1 role to send requests to this endpoint URL.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.


Request Body

None


Request Parameters

URL/URI parameters: You must add the string with the unique identifier the Cybereason platform uses for the policy as part of the URL for this request.

Request Body Parameters: None


Response Status Codes

This request can return the following status codes:

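  • 200: Success OK. The response body contains either the policy details or a failure message, so check the body rather than relying on the status code alone.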


Response Success Schema

The response body for retrieving a sensor policy includes many objects (parts):

Note

Not all objects or fields may be relevant for your environment, depending on the features you have enabled in your environment.

See the relevant fields in the linked topics above.


Response Failure Schema

An HTTP 200 response whose body contains a message describing the error.


Important Response Fields

Important information is found in these fields:

  • id: The unique identifier the Cybereason platform uses for the policy. This ensures that the policy is created.

  • name: The name for the policy.


Example: Retrieve details for a sensor policy

Request

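# Retrieve the settings of one sensor policy, identified by the policy ID at
# the end of the URL.
# The request must carry the session cookie obtained when logging in with the
# API; '<path to cookie file>' is a placeholder for the file holding it.
# Treat that file as a credential: keep it readable only by the calling user.
curl --request GET \
    --url https://12.34.56.78/rest/policies/c24518b3-799d-41fe-8520-c55bed63aafc \
    --header 'Content-Type:application/json' \
    --cookie '<path to cookie file>'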

Response

{
  "nameDescription": {
    "name": "Test Policy",
    "description": "For Creation Testing",
    "notes": ""
  },
  "antiMalware": {
    "enabled": false,
    "signatureMode": "DISABLED",
    "documentProtectionMode": "DISABLED",
    "documentProtectionSensitivityLevel": "CAUTIOUS",
    "documentProtectionExclusions": [],
    "detectMode": 1,
    "preventMode": 1,
    "quarantineMaliciousFiles": false,
    "scanDllFiles": false,
    "exclusions": [],
    "quickScanEnabled": false,
    "quickScan": {
      "period": "DAILY",
      "periodicHour": 12,
      "periodicDay": 0,
      "periodicOccurrence": 1
    },
    "quickScanMode": "SCAN",
    "fullScanEnabled": false,
    "fullScan": {
      "period": "WEEKLY",
      "periodicHour": 16,
      "periodicDay": 3,
      "periodicOccurrence": 1
    },
    "fullScanMode": "SKIP",
    "localUpdateServerUrl": "",
    "updateFrequencyIntervalMin": 15,
    "limitFileExtensions": true,
    "ignoreNetworkPaths": true,
    "scanArchives": false
  },
  "antiExploit": {
    "enabled": false,
    "antiExploitMode": "EXISTING",
    "antiExploitExclusions": []
  },
  "powershellProtection": {
    "enabled": false,
    "downloadExecute": "DISABLED",
    "maliciousDownloads": "DISABLED",
    "urlAndDomainExclusions": [],
    "scriptAnalysis": "DISABLED",
    "patternExclusions": [],
    "floatingLoadedModules": "DISABLED",
    "moduleExclusions": [],
    "dotNetToJScript": "DISABLED",
    "processExclusions": []
  },
  "antiRansomware": {
    "mode": "DISABLED",
    "canaryFiles": {
      "rootDrives": {
        "enabled": false,
        "status": "VISIBLE"
      },
      "desktop": {
        "enabled": false,
        "status": "SYSTEM_HIDDEN"
      },
      "usersFolder": {
        "enabled": false,
        "status": "HIDDEN"
      },
      "usersDocuments": {
        "enabled": false,
        "status": "HIDDEN"
      },
      "folderSuffix": "",
      "fileSuffix": ""
    },
    "shadowCopyEnabled": true,
    "mbrEnabled": true,
    "exclusions": [],
    "processEnablers": [
      {
        "processName": "vssadmin",
        "enabled": false
      },
      {
        "processName": "wmic",
        "enabled": false
      },
      {
        "processName": "cmd",
        "enabled": false
      },
      {
        "processName": "iexplore",
        "enabled": false
      },
      {
        "processName": "powershell",
        "enabled": false
      },
      {
        "processName": "wscript",
        "enabled": false
      },
      {
        "processName": "cscript",
        "enabled": false
      },
      {
        "processName": "rundll32",
        "enabled": false
      },
      {
        "processName": "dllhost",
        "enabled": false
      },
      {
        "processName": "taskhost",
        "enabled": false
      },
      {
        "processName": "taskeng",
        "enabled": false
      },
      {
        "processName": "taskhostw",
        "enabled": false
      },
      {
        "processName": "msiexec",
        "enabled": false
      },
      {
        "processName": "python",
        "enabled": false
      }
    ]
  },
  "appControl": {
    "enabled": false
  },
  "endpointProtection": {
    "usbControlEnabled": false,
    "usbBlockEnabled": false,
    "usbExclusions": [],
    "personalFirewallEnabled": false,
    "privateNetworks": false,
    "publicNetworks": false,
    "domains": false,
    "inboundRules": [],
    "outboundRules": []
  },
  "collectionFeatures": {
    "dpiEnabled": false,
    "dpiProxyVisibility": false,
    "dpiLateralMovement": false,
    "metadataEnabled": true,
    "metadataWord": true,
    "metadataExcel": true,
    "metadataPowerpoint": true,
    "metadataAcrobat": true,
    "metadataPowershell": true,
    "fileEventsEnabled": false,
    "fileEventsExclusions": [],
    "registryEventsEnabled": false,
    "registryEventsInclusions": [
      {
        "dataHash": "38ee64726b618d54e8efdf8002d08b1d9228825c73657e3a0140be9613f975f2",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "f7979c35f63713493226eea8cdaf860c2ee104aed49e1ebfe9aa212464826e7f",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Runonce",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "b853903ca88dc1ad1c7544aef497c5b26c67f6291838c146d3f89b780c056175",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunonceEx",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "2dc3e39b20e5f0fc6c1bcf7d266593a04b5f427dbd0b1066bd3e55715f2ab382",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "064982d7b6685c36730d43ce19deef34028ba070cbdda1a131a93141b8345cd5",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "4ebbe19a0c91fda995f0b82fc835e514aa51f364c82f2d767442a1e78736670b",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "6cea5a60c44f01832522a89c8285000fd5e454a82333210666a014e93bf4d5c9",
        "key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "804c45855ef7ee1f0941831459d015bf6ae9dd4d7f8499d547efbfb1094ae1d1",
        "key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "81fb85d4952e6d2a4309d6278979cd6fcf01153f70e166b4a4ac1232475cbfeb",
        "key": "HKCU\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "2d49600a1fbb0356d03e22d28175303f9b4388ec7266327cbd67db9e449bdb7a",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "6750d847289fd91cab6b5ce1973fbf79bde7e07bb85ced2072af9d5f89e6e1de",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Runonce",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "6bd5f793189dc4bc8a9f6bfaffd47b0a8be198c2ffd971670e7656c50acd33c9",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunonceEx",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "f76abe5469733b80a612ac12c76a511869a417985c958aa2f184aa6a4a4264ea",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "bbff6d2d8396c7489092806aed7389ee40133b3027298c8661db08a3b9e9a584",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "f0baf48927bd53cf77dc683c634d39e6cb18ac95ea966102dd10cd72947d0f71",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "54ba23c2748b2123ec096e83e5a77d4f264d9636c9af4be494e2b4465bbba4e0",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "27bc3a29025d0913a85b3b17dfd69e06562271e58fabc4e898c16a06c007bc4b",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "b4f917af8940eabf1e3b11f97c277d3e10c042eddef4a6c2aa3a9be31d3c30d1",
        "key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "11059bdb9b8df3220607bd05b43f13e19a7c38551911fb968285125a1192889d",
        "key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "60cbe8b3b3142737b347c59e1c270746726a6f1a2c1f19c36ef5680dc1769485",
        "key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "56d236e398bb25b5de834e21994c4acc42a2a497c2d38b1fb519b031df0a8db2",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "11c2e69c79868493ca2b467a926901f97add05a8efd0893e10b7570ea9cb574f",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "50bccae1f70407641b1589af842af6afa38b72cb80bce029f4562cb9bd0e0390",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths",
        "values": [
          "(default)"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "83778a9f4c624290c55857d40bfb437ec008cf96087dba7c23c5199c0352d195",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths",
        "values": [
          "(default)"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "2028462966ff1badf8eceb4bd9e7c716154c799545ca44a31e74dd10ad9bca4a",
        "key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\App Paths",
        "values": [
          "(default)"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "39d4d043291caa4ce87f0fcd002f3b1918529dbfcc1eb14d46d434476438b3f5",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
        "values": [
          "AppSetup",
          "Shell",
          "Userinit",
          "VmApplet",
          "Taskman"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "7bc1354da25558d0d558263453744e82e780f2ba44d84f9fdd2701567b877338",
        "key": "HKCU\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
        "values": [
          "Shell",
          "ShellInfrastructure"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "e3a30ad39906d0a7efa3e307cb4c2cbf8fa97a6e6e277d5e611152580d899f8d",
        "key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
        "values": [
          "shell"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "bcd46f7fc7177bf8308da9b8722840171446a22a2256d52161c66ebe1bd38f4a",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
        "values": [
          "ShellInfrastructure"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "34daf7d2e2ddf1e3567a008428657735efc87cb2417bd9eb9a948f1698ef2498",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\AlternateShells\\AvailableShells",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "f39bc2553f35000d92da7d4fe72abcc941125021a0d0940e23ba6a8aa79263a0",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GpExtensions",
        "values": [
          "DllName"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "01dea2465bc741bc5758e313059c5c0a6f8407d79e1437217c7cf3e0ab5f7081",
        "key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions",
        "values": [
          "DllName"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "2ae121e37f180810e9940f05c9b8496a53c481a2a92cdcaa4c4eb7a5701112c4",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
        "values": [
          "DllName"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "7cb864762bed644eb1952452f0def7162d641e1af6d3d9485d6489989a99c0ed",
        "key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Notify",
        "values": [
          "DllName"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "d79709146bb530c05b116dfb4269db245c0f0ab4cfb800bc71183ea21e26aa5c",
        "key": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
        "values": [
          "Appinit_Dlls"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "cc00e083a8d2b60d033d05569cb6a543033d66d724a3508d6ef8160ea45575a6",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
        "values": [
          "Appinit_Dlls"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "eafd4a47d5b08d4e934235aa3f9ebbf4179ab5e4fa626fb228ee94d33b5c63f2",
        "key": "HKLM\\SOFTWARE\\Classes\\Exefile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "2bfbb72e6b362977ac932a15554a3b089999bf990548fa7fd5b1708f5016d5b2",
        "key": "HKCR\\Exefile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "2292a34c8f0e62fd0ae899ff174a2305db811aabfae9eabcbfc1ea7c81433d8c",
        "key": "HKLM\\SOFTWARE\\Classes\\batfile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "1876369d92dea7c6760ad6e4e377f2f5160e125a7585ebb4ff8fd99d51d3803a",
        "key": "HKCR\\batfile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "93c8a4efc631822be15a81088a3e20a68baf8b2edec8a0b71b33f1c6cc4de6a5",
        "key": "HKLM\\SOFTWARE\\Classes\\comfile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "d92d9c77c921187f23c8be5e952c2003ba9f5441d57a5bbd1c5489f6040bdf9e",
        "key": "HKCR\\comfile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "5c0313c34991ffabdcf5e9f69001ae86029868c28d1d9b5d9a59b580e3b449eb",
        "key": "HKLM\\SOFTWARE\\Classes\\piffile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "5cb7c45f45febe58850faaf800d5f1d6151392bffbf9d54369b792cc2236a725",
        "key": "HKCR\\piffile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "c385ffc73b20bf66aa5c29c6ba470803de876d647675f07b486373a52694cb69",
        "key": "HKLM\\SOFTWARE\\Classes\\Htmlfile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "3cd5219ee1d06e7279d74a60455c58676b23e16fe4a3cce4194cc5d6fb2597f4",
        "key": "HKCR\\Htmlfile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "af2cbe0620c7f9b6a93e4986137990e45105ba4cf1a1c38fa2a329323e620400",
        "key": "HKLM\\SOFTWARE\\Classes\\htafile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "f850fd6fdce004208c3f5095d4505fc42cf6dce0b4ded541f6cd7eade67f997c",
        "key": "HKCR\\htafile\\Shell\\Open\\Command",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "c3d7d60e2aba4c91ed55fd25c319c669f52fc8d0287796442a1d400972ec8644",
        "key": "HKLM\\System\\CurrentControlSet\\Control\\Session Manager",
        "values": [
          "BootExecute"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "863db81427ddfdd8d9559dae21feba62dc8fd35c4111544b14351f93c2280d31",
        "key": "HKLM\\System\\CurrentControlSet\\Control\\Print\\Monitors",
        "values": [
          "Driver"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "6963bda9646e22bb3a4a4cbfdf75c6fef7ff61627b993d3ed195612ee929dd18",
        "key": "HKLM\\SYSTEM\\CurrentControlSet\\Services",
        "values": [
          "ImagePath",
          "ObjectName"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "458572e82a87ad5cd68cf499467347a1749adb64ea67f945a14f41f4bef538fc",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
        "values": [
          "Debugger"
        ],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": true
      },
      {
        "dataHash": "34a18851fdd2c1b11554022a32cfe0abc5419d182b6aab85cacf72d495a5d592",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BitLocker",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      },
      {
        "dataHash": "083305cf04942082a1b6a280b849d2f1a36402af91f3954a59e7e63b8a8aa65b",
        "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\BitLockerSQM",
        "values": [],
        "modifiedBy": "Cybereason",
        "lastModified": 1553423190814,
        "depth": false
      }
    ],
    "smartFilteringEnabled": false,
    "smartFilteringProcessWhitelist": [],
    "smartFilteringBudgetCap": 50
  },
  "endpointUiSettings": {
    "systemTrayIconEnabled": true,
    "notifications": {
      "signaturesAV": {
        "enabled": false,
        "status": "PREVENTION_ONLY"
      },
      "artificialIntelligence": {
        "enabled": false,
        "status": "PREVENTION_ONLY"
      },
      "powerShell": {
        "enabled": false,
        "status": "PREVENTION_ONLY"
      },
      "ransomware": {
        "enabled": false,
        "status": "PREVENTION_ONLY"
      },
      "remediationAction": {
        "enabled": false,
        "status": "PREVENTION_ONLY"
      }
    }
  }
}