Get Core Prevention Rule Configs

GET {{cb_url}}/policyservice/v1/orgs/{{cb_org_key}}/policies/{{cb_policy_id}}/rule_configs/core_prevention

Fetch configured Core Prevention rule configs.

RBAC PERMISSIONS REQUIRED

Permission (.notation name)Operation(s)
org.policiesREAD

See Documentation

RESPONSES

status: OK

{"results":[{"id":"97a03cc2-5796-4864-b16d-790d06bea20d","name":"Defense Evasion","description":"Addresses common TTPs/behaviors that threat actors use to avoid detection such as uninstalling or disabling security software, obfuscating or encrypting data/scripts and abusing trusted processes to hide and disguise their malicious activity.","inherited_from":"psc:region","category":"core_prevention","parameters":{"WindowsAssignmentMode":"BLOCK"}},{"id":"8a16234c-9848-473a-a803-f0f0ffaf5f29","name":"Persistence","description":"Addresses common TTPs/behaviors that threat actors use to retain access to systems across restarts, changed credentials, and other interruptions that could cut off their access.","inherited_from":"psc:region","category":"core_prevention","parameters":{"WindowsAssignmentMode":"BLOCK"},"exclusions":{"windows":[{"id":2441,"criteria":[{"id":2648,"type":"initiator_process","attributes":[{"id":16817,"name":"process_sha256","values":["03feb86ee497e5430c99607a746dc28dc46a3e9be46311dc8f29ef195d93060a"]}]}],"comments":"","created_by":"tester@carbonblack.com","created_at":"2023-08-31T14:02:47.530Z","modified_by":"tester@carbonblack.com","modified_at":"2023-08-31T14:02:47.530Z"}]}}]}