Get Policy Details
GET {{cb_url}}/policyservice/v1/orgs/{{cb_org_key}}/policies/{{cb_policy_id}}
Get the details of a single policy, identified by its ID (`cb_policy_id`) within the organization (`cb_org_key`).
RBAC PERMISSIONS REQUIRED
Permission (.notation name) | Operation(s) |
---|---|
org.policies | READ |
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
X-Auth-Token | string | | |
RESPONSES
status: OK
{"id":33259924,"name":"Kylie_SDK_HBFW","org_key":"4J9TY56DMZ","priority_level":"LOW","position":-1,"is_system":false,"description":"","auto_deregister_inactive_vdi_interval_ms":0,"auto_deregister_inactive_vm_workloads_interval_ms":0,"update_time":1687556026798,"av_settings":{"avira_protection_cloud":{"enabled":true,"max_exe_delay":45,"max_file_size":4,"risk_level":4},"on_access_scan":{"enabled":false,"mode":"NORMAL"},"on_demand_scan":{"enabled":false,"profile":"NORMAL","schedule":{"start_hour":0,"range_hours":0,"recovery_scan_if_missed":true},"scan_usb":"AUTOSCAN","scan_cd_dvd":"AUTOSCAN"},"signature_update":{"enabled":false,"schedule":{"full_interval_hours":0,"initial_random_delay_hours":4,"interval_hours":4}},"update_servers":{"servers_override":[],"servers_for_onsite_devices":[{"server":"http://updates2.cdc.carbonblack.io/update2","preferred":false}],"servers_for_offsite_devices":["http://updates2.cdc.carbonblack.io/update2"]}},"rules":[{"id":1,"required":false,"action":"DENY","application":{"type":"REPUTATION","value":"KNOWN_MALWARE"},"operation":"RUN"}],"directory_action_rules":[],"sensor_settings":[{"name":"ALLOW_UNINSTALL","value":"true"},{"name":"SHOW_UI","value":"false"},{"name":"ENABLE_THREAT_SHARING","value":"true"},{"name":"QUARANTINE_DEVICE","value":"false"},{"name":"LOGGING_LEVEL","value":"false"},{"name":"QUARANTINE_DEVICE_MESSAGE","value":"Your device has been quarantined. 
Please contact your administrator."},{"name":"SET_SENSOR_MODE","value":"0"},{"name":"SENSOR_RESET","value":"0"},{"name":"BACKGROUND_SCAN","value":"true"},{"name":"POLICY_ACTION_OVERRIDE","value":"true"},{"name":"HELP_MESSAGE","value":""},{"name":"PRESERVE_SYSTEM_MEMORY_SCAN","value":"false"},{"name":"HASH_MD5","value":"false"},{"name":"SCAN_LARGE_FILE_READ","value":"false"},{"name":"SCAN_EXECUTE_ON_NETWORK_DRIVE","value":"true"},{"name":"DELAY_EXECUTE","value":"false"},{"name":"SCAN_NETWORK_DRIVE","value":"false"},{"name":"BYPASS_AFTER_LOGIN_MINS","value":"0"},{"name":"BYPASS_AFTER_RESTART_MINS","value":"0"},{"name":"SHOW_FULL_UI","value":"false"},{"name":"SECURITY_CENTER_OPT","value":"true"},{"name":"CB_LIVE_RESPONSE","value":"false"},{"name":"ALLOW_INLINE_BLOCKING","value":"true"},{"name":"UNINSTALL_CODE","value":"false"},{"name":"DEFENSE_OPT_OUT","value":"false"},{"name":"UBS_OPT_IN","value":"false"}],"rule_configs":[{"id":"1c03d653-eca4-4adc-81a1-04b17b6cbffc","name":"Event Reporting and Sensor Operation Exclusions","description":"Allows customers to exclude specific processes and process events from reporting to CBC","inherited_from":"psc:region","category":"bypass","parameters":{}},{"id":"df181779-f623-415d-879e-91c40246535d","name":"Host Based Firewall","description":"These are the Host based Firewall Rules which will be executed by the sensor. 
The Definition will be part of Main Policies.","inherited_from":"","category":"host_based_firewall","parameters":{"rule_groups":[{"description":"Description of Demo Rule Group","name":"Demo Rule Group","rules":[{"action":"ALLOW","application_path":"C:\\sdk\\example\\allow\\rule\\path","direction":"IN","enabled":false,"local_ip_address":"11.12.13.14","local_port_ranges":"1313","name":"SDK Example Rule","network_profile":["PUBLIC","PRIVATE","DOMAIN"],"protocol":"TCP","remote_ip_address":"15.16.17.18","remote_port_ranges":"2121","rule_access_check_guid":"94ab82ca-d8bf-4496-94c3-c9b4aeb4832d","rule_inbound_event_check_guid":"84312e52-f4bb-4d2a-a23f-f01986d6813c","rule_outbound_event_check_guid":"35e9ae4c-6d42-48f5-904a-d2e1be959595","test_mode":false}],"ruleset_id":"7235fcbd-1c3a-4ace-b350-6b079a1e7d2a"},{"description":"testing bug with saving is fixed","name":"rule_group_202306230_01","rules":[{"action":"ALLOW","application_path":"C:\\sdk\\example\\allow\\rule\\path","direction":"IN","enabled":false,"local_ip_address":"11.12.13.14","local_port_ranges":"1313","name":"test01 rule","network_profile":["PUBLIC","PRIVATE","DOMAIN"],"protocol":"TCP","remote_ip_address":"15.16.17.18","remote_port_ranges":"2121","rule_access_check_guid":"a64e7409-4465-4162-a69a-2337e0e0d09c","rule_inbound_event_check_guid":"23e0548f-2d68-41be-ac4e-e9c9c60e4d51","rule_outbound_event_check_guid":"595cb409-b2c3-4f01-ac91-797a9f3147bd","test_mode":false}],"ruleset_id":"87ddb873-124f-4e9d-93d9-d0fea0d2c967"}],"default_rule":{"action":"ALLOW","default_rule_access_check_guid":"0f4d11c5-cfb2-405d-9482-24ddf813dd02","default_rule_inbound_event_check_guid":"76d0d19f-b499-4c23-a9cb-79583fad154b","default_rule_outbound_event_check_guid":"d7b42c09-7819-4f6b-a5ab-2a99e0a5c26b"},"enable_host_based_firewall":false}},{"id":"1f8a5e4b-34f2-4d31-9f8f-87c56facaec8","name":"Advanced Scripting Prevention","description":"Addresses malicious fileless and file-backed scripts that leverage native programs and common 
scripting languages.","inherited_from":"psc:region","category":"core_prevention","parameters":{"WindowsAssignmentMode":"REPORT"}},{"id":"c4ed61b3-d5aa-41a9-814f-0f277451532b","name":"Carbon Black Threat Intel","description":"Addresses common and pervasive TTPs used for malicious activity as well as living off the land TTPs/behaviors detected by Carbon Black’s Threat Analysis Unit.","inherited_from":"psc:region","category":"core_prevention","parameters":{"WindowsAssignmentMode":"REPORT"}},{"id":"8a16234c-9848-473a-a803-f0f0ffaf5f29","name":"Persistence","description":"Addresses common TTPs/behaviors that threat actors use to retain access to systems across restarts, changed credentials, and other interruptions that could cut off their access.","inherited_from":"psc:region","category":"core_prevention","parameters":{"WindowsAssignmentMode":"BLOCK"}},{"id":"91c919da-fb90-4e63-9eac-506255b0a0d0","name":"Authentication Events","description":"Authentication Events","inherited_from":"","category":"data_collection","parameters":{"enable_auth_events":false}},{"id":"1664f2e6-645f-4d6e-98ec-0c80485cbe0f","name":"Event Reporting Exclusions","description":"Allows customers to exclude specific processes from reporting events to CBC","inherited_from":"psc:region","category":"bypass","parameters":{}},{"id":"491dd777-5a76-4f58-88bf-d29926d12778","name":"Prevalent Module Exclusions","description":"Tune collection of events from prevalent modules","inherited_from":"psc:region","category":"data_collection","parameters":{"enable_prevalent_module_event_collection":false}},{"id":"ac67fa14-f6be-4df9-93f2-6de0dbd96061","name":"Credential Theft","description":"Addresses threat actors obtaining credentials and relies on detecting the malicious use of TTPs/behaviors that indicate such activity.","inherited_from":"psc:region","category":"core_prevention","parameters":{"WindowsAssignmentMode":"REPORT"}},{"id":"88b19232-7ebb-48ef-a198-2a75a282de5d","name":"Privilege 
Escalation","description":"Addresses behaviors that indicate a threat actor has gained elevated access via a bug or misconfiguration within an operating system, and leverages the detection of TTPs/behaviors to prevent such activity.","inherited_from":"psc:region","category":"core_prevention","parameters":{"WindowsAssignmentMode":"REPORT"}},{"id":"97a03cc2-5796-4864-b16d-790d06bea20d","name":"Defense Evasion","description":"Addresses common TTPs/behaviors that threat actors use to avoid detection such as uninstalling or disabling security software, obfuscating or encrypting data/scripts and abusing trusted processes to hide and disguise their malicious activity.","inherited_from":"psc:region","category":"core_prevention","parameters":{"WindowsAssignmentMode":"REPORT"}}],"sensor_configs":[]}