⚠️ Create New Policy
POST {{cb_url}}/integrationServices/v3/policy/
Create a new Policy on the Carbon Black Cloud backend from a policy JSON string. At this time, there is no comprehensive reference to the options available in the Policy schema, so the best way to use this API is to extract the “policy” key from a policy object (retrieved via the “GET” method above) and use it as a template for the new policy.
The new policy must be contained in a JSON object named `policyInfo`. The contents of the `policyInfo` object must include the following keys:
* `description`: A description of the policy (can be multiple lines)
* `name`: A one-line name for the policy (shown in the UI)
* `version`: Must be set to “2” for the current policy API
* `priorityLevel`: `HIGH`, `MEDIUM` or `LOW` - the priority score associated with sensors assigned to this policy.
* `policy`: the JSON object containing the policy details. See examples in the `policy` key from the policies in the GET request above.
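Request Body
The example below is a test policy written for this documentation (its description is "test policy for documentation"). Before reusing it as a template, review its permissive entries against your organization's own policy: for example the `ALLOW` and `IGNORE` rules on `NAME_PATH` applications, the `SIGNATURE_UPDATE` feature being disabled, `ALLOW_UNINSTALL` set to `"true"`, the `http://` update-server URLs, and the placeholder path `sadf` in `directoryActionRules`.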
{"policyInfo": {"description": "test policy for documentation", "name": "documentation test", "policy": {"avSettings": {"apc": {"enabled": false, "maxExeDelay": 45, "maxFileSize": 4, "riskLevel": 4}, "features": [{"enabled": false, "name": "SIGNATURE_UPDATE"}, {"enabled": true, "name": "ONACCESS_SCAN"}, {"enabled": true, "name": "ONDEMAND_SCAN"}], "onAccessScan": {"profile": "NORMAL"}, "onDemandScan": {"profile": "NORMAL", "scanCdDvd": "AUTOSCAN", "scanUsb": "AUTOSCAN", "schedule": {"days": null, "rangeHours": 0, "recoveryScanIfMissed": true, "startHour": 0}}, "signatureUpdate": {"schedule": {"fullIntervalHours": 0, "initialRandomDelayHours": 4, "intervalHours": 2}}, "updateServers": {"servers": [{"flags": 0, "regId": null, "server": ["http://updates.cdc.carbonblack.io/update"]}], "serversForOffSiteDevices": ["http://updates.cdc.carbonblack.io/update"]}}, "directoryActionRules": [{"actions": {"FILE_UPLOAD": false, "PROTECTION": false}, "path": "C:\\FXCM\\**"}, {"actions": {"FILE_UPLOAD": true, "PROTECTION": false}, "path": "sadf"}, {"actions": {"FILE_UPLOAD": true, "PROTECTION": false}, "path": "/Users/**"}], "id": -1, "rules": [{"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 1, "operation": "RUN", "required": true}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "COMPANY_BLACK_LIST"}, "id": 2, "operation": "RUN", "required": true}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 3, "operation": "NETWORK", "required": false}, {"action": "TERMINATE", "application": {"type": "REPUTATION", "value": "ADAPTIVE_WHITE_LIST"}, "id": 5, "operation": "RANSOM", "required": false}, {"action": "IGNORE", "application": {"type": "NAME_PATH", "value": "**\\devenv.exe"}, "id": 4, "operation": "RANSOM", "required": false}, {"action": "DENY", "application": {"type": "NAME_PATH", "value": "%SystemDrive%\\Windows\\System32\\notepad2.exe"}, "id": 10, "operation": "RUN",
"required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 11, "operation": "RANSOM", "required": true}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 13, "operation": "MEMORY_SCRAPE", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 14, "operation": "CODE_INJECTION", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 15, "operation": "RUN_INMEMORY_CODE", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 17, "operation": "POL_INVOKE_NOT_TRUSTED", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 18, "operation": "INVOKE_CMD_INTERPRETER", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "KNOWN_MALWARE"}, "id": 20, "operation": "INVOKE_SCRIPT", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "RESOLVING"}, "id": 22, "operation": "RUN", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "PUP"}, "id": 23, "operation": "RUN", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "SUSPECT_MALWARE"}, "id": 24, "operation": "RUN", "required": false}, {"action": "DENY", "application": {"type": "REPUTATION", "value": "ADAPTIVE_WHITE_LIST"}, "id": 25, "operation": "NETWORK", "required": false}, {"action": "ALLOW", "application": {"type": "NAME_PATH", "value": "c:\\test\\**"}, "id": 26, "operation": "INVOKE_SCRIPT", "required": false}], "sensorSettings": [{"name": "SHOW_UI", "value": "true"}, {"name": "BACKGROUND_SCAN", "value": "true"}, {"name": "POLICY_ACTION_OVERRIDE", "value": "true"}, {"name": "QUARANTINE_DEVICE_MESSAGE", "value": "Your device has been quarantined by your computer administrator."},
{"name": "LOGGING_LEVEL", "value": "false"}, {"name": "ALLOW_UNINSTALL", "value": "true"}, {"name": "QUARANTINE_DEVICE", "value": "false"}, {"name": "RATE_LIMIT", "value": "0"}, {"name": "CONNECTION_LIMIT", "value": "0"}, {"name": "QUEUE_SIZE", "value": "100"}, {"name": "LEARNING_MODE", "value": "0"}, {"name": "SCAN_NETWORK_DRIVE", "value": "true"}, {"name": "BYPASS_AFTER_LOGIN_MINS", "value": "0"}, {"name": "BYPASS_AFTER_RESTART_MINS", "value": "0"}, {"name": "SCAN_EXECUTE_ON_NETWORK_DRIVE", "value": "true"}, {"name": "DELAY_EXECUTE", "value": "true"}, {"name": "PRESERVE_SYSTEM_MEMORY_SCAN", "value": "false"}, {"name": "HASH_MD5", "value": "false"}, {"name": "SCAN_LARGE_FILE_READ", "value": "false"}, {"name": "SHOW_FULL_UI", "value": "true"}, {"name": "HELP_MESSAGE", "value": "CarbonBlack"}, {"name": "SECURITY_CENTER_OPT", "value": "true"}, {"name": "CB_LIVE_RESPONSE", "value": "true"}, {"name": "UNINSTALL_CODE", "value": "false"}]}, "priorityLevel": "LOW", "version": 2}}
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string |