Get Core Prevention Rule Configs

GET {{cb_url}}/policyservice/v1/orgs/{{cb_org_key}}/policies/{{cb_policy_id}}/rule_configs/core_prevention

Fetch configured Core Prevention rule configs.

RBAC PERMISSIONS REQUIRED

Permission (.notation name)	Operation(s)
org.policies	READ

See Documentation

RESPONSES

status: OK

{&quot;results&quot;:[{&quot;id&quot;:&quot;97a03cc2-5796-4864-b16d-790d06bea20d&quot;,&quot;name&quot;:&quot;Defense Evasion&quot;,&quot;description&quot;:&quot;Addresses common TTPs/behaviors that threat actors use to avoid detection such as uninstalling or disabling security software, obfuscating or encrypting data/scripts and abusing trusted processes to hide and disguise their malicious activity.&quot;,&quot;inherited_from&quot;:&quot;psc:region&quot;,&quot;category&quot;:&quot;core_prevention&quot;,&quot;parameters&quot;:{&quot;WindowsAssignmentMode&quot;:&quot;BLOCK&quot;}},{&quot;id&quot;:&quot;8a16234c-9848-473a-a803-f0f0ffaf5f29&quot;,&quot;name&quot;:&quot;Persistence&quot;,&quot;description&quot;:&quot;Addresses common TTPs/behaviors that threat actors use to retain access to systems across restarts, changed credentials, and other interruptions that could cut off their access.&quot;,&quot;inherited_from&quot;:&quot;psc:region&quot;,&quot;category&quot;:&quot;core_prevention&quot;,&quot;parameters&quot;:{&quot;WindowsAssignmentMode&quot;:&quot;BLOCK&quot;},&quot;exclusions&quot;:{&quot;windows&quot;:[{&quot;id&quot;:2441,&quot;criteria&quot;:[{&quot;id&quot;:2648,&quot;type&quot;:&quot;initiator_process&quot;,&quot;attributes&quot;:[{&quot;id&quot;:16817,&quot;name&quot;:&quot;process_sha256&quot;,&quot;values&quot;:[&quot;03feb86ee497e5430c99607a746dc28dc46a3e9be46311dc8f29ef195d93060a&quot;]}]}],&quot;comments&quot;:&quot;&quot;,&quot;created_by&quot;:&quot;tester@carbonblack.com&quot;,&quot;created_at&quot;:&quot;2023-08-31T14:02:47.530Z&quot;,&quot;modified_by&quot;:&quot;tester@carbonblack.com&quot;,&quot;modified_at&quot;:&quot;2023-08-31T14:02:47.530Z&quot;}]}}]}