Hi @alextg, thanks for trying out Elastic Security. My understanding is that you want to create Elastic Defend policies and customize them through the API. I will map out a way to do that below. Because I'm copying and pasting entire API responses, I'm breaking this up into two posts so it fits within the character limit.
Judging from the above, I assume you already have an agent_policy_id that you want to add the integration to. Assuming that is the case, you can use the API as shown below to add the default integration. It seems you've already gotten this far, but I'm adding it for completeness.
Initialize the Elastic Defend policy
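# Create the Elastic Defend package policy on an existing agent policy.
# --user with only a user name makes curl prompt for the password, which keeps
# the password out of shell history and the process list.
# kbn-version must match the Kibana version you are talking to (8.5.4 here).
# policy_id is a JSON string: keep the double quotes around the value you
# substitute for <POLICY_ID>, otherwise the request body is not valid JSON.
# The browser-only headers from the copied request (Accept-Language, Connection,
# Sec-Fetch-*) are left out; they are not needed for an API call made with curl.
curl --user '<user>' 'https://<kibana-url>:5601/api/fleet/package_policies' \
-H 'Accept: */*' \
-H 'Content-Type: application/json' \
-H 'kbn-version: 8.5.4' \
--data-raw '{"name":"Protect","description":"","namespace":"default","policy_id":"<POLICY_ID>","enabled":true,"inputs":[{"enabled":true,"streams":[],"type":"ENDPOINT_INTEGRATION_CONFIG","config":{"_config":{"value":{"type":"endpoint","endpointConfig":{"preset":"EDRComplete"}}}}}],"package":{"name":"endpoint","title":"Elastic Defend","version":"8.5.0"}}' \
--compressed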
Make sure you replace <POLICY_ID> with your agent_policy_id. The resulting policy_id value must be a quoted JSON string, as it appears in the response below.
You should get a response which looks something like the below:
{
"item":{
"id":"de5d7dd6-877b-45ef-9db3-f72776b4d091",
"version":"WzMwOTcsMV0=",
"name":"Protect",
"namespace":"default",
"description":"",
"package":{
"name":"endpoint",
"title":"Elastic Defend",
"version":"8.5.0"
},
"enabled":true,
"policy_id":"b4be0860-d492-11ed-a59c-3ffbbd16325a",
"inputs":[
{
"type":"endpoint",
"enabled":true,
"streams":[
],
"config":{
"integration_config":{
"value":{
"type":"endpoint",
"endpointConfig":{
"preset":"EDRComplete"
}
}
},
"artifact_manifest":{
"value":{
"manifest_version":"1.0.2",
"schema_version":"v1",
"artifacts":{
"endpoint-exceptionlist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-exceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-exceptionlist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-exceptionlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-exceptionlist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-exceptionlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-trustlist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-trustlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-trustlist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-trustlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-trustlist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-trustlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-eventfilterlist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-eventfilterlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-eventfilterlist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-eventfilterlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-eventfilterlist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-eventfilterlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-hostisolationexceptionlist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-hostisolationexceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-hostisolationexceptionlist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-hostisolationexceptionlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-hostisolationexceptionlist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-hostisolationexceptionlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-blocklist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-blocklist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-blocklist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-blocklist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-blocklist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-blocklist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
}
}
}
},
"policy":{
"value":{
"windows":{
"events":{
"dll_and_driver_load":true,
"dns":true,
"file":true,
"network":true,
"process":true,
"registry":true,
"security":true
},
"malware":{
"mode":"prevent",
"blocklist":true
},
"ransomware":{
"mode":"prevent",
"supported":true
},
"memory_protection":{
"mode":"prevent",
"supported":true
},
"behavior_protection":{
"mode":"prevent",
"supported":true
},
"popup":{
"malware":{
"message":"",
"enabled":true
},
"ransomware":{
"message":"",
"enabled":true
},
"memory_protection":{
"message":"",
"enabled":true
},
"behavior_protection":{
"message":"",
"enabled":true
}
},
"logging":{
"file":"info"
},
"antivirus_registration":{
"enabled":false
},
"attack_surface_reduction":{
"credential_hardening":{
"enabled":true
}
}
},
"mac":{
"events":{
"process":true,
"file":true,
"network":true
},
"malware":{
"mode":"prevent",
"blocklist":true
},
"behavior_protection":{
"mode":"prevent",
"supported":true
},
"memory_protection":{
"mode":"prevent",
"supported":true
},
"popup":{
"malware":{
"message":"",
"enabled":true
},
"behavior_protection":{
"message":"",
"enabled":true
},
"memory_protection":{
"message":"",
"enabled":true
}
},
"logging":{
"file":"info"
}
},
"linux":{
"events":{
"process":true,
"file":true,
"network":true,
"session_data":false,
"tty_io":false
},
"malware":{
"mode":"prevent",
"blocklist":true
},
"behavior_protection":{
"mode":"prevent",
"supported":true
},
"memory_protection":{
"mode":"prevent",
"supported":true
},
"popup":{
"malware":{
"message":"",
"enabled":true
},
"behavior_protection":{
"message":"",
"enabled":true
},
"memory_protection":{
"message":"",
"enabled":true
}
},
"logging":{
"file":"info"
}
}
}
}
}
}
],
"revision":1,
"created_at":"2023-04-06T15:53:14.020Z",
"created_by":"elastic",
"updated_at":"2023-04-06T15:53:14.020Z",
"updated_by":"elastic"
}
}
Customize the policy settings
Next, prepare and make the call with your custom Elastic Defend policy.
Keep note of the id field from the response above, in this case "id":"de5d7dd6-877b-45ef-9db3-f72776b4d091". This is the package-policy-id.
Make the following modifications:
- Pull out all of the content under the top-level "item": {} field.
- Remove the following fields:
"revision":1,
"created_at":"2023-04-06T15:53:14.020Z",
"created_by":"elastic",
"updated_at":"2023-04-06T15:53:14.020Z",
"updated_by":"elastic"
- Remove that same id field you got the package-policy-id from:
"id":"de5d7dd6-877b-45ef-9db3-f72776b4d091"
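You should be left with an object that looks like the one below. Make any changes to the policy section that you'd like (changing a protection's mode away from "prevent", or setting an events entry to false, reduces what the endpoint blocks or records, so review such changes before rolling them out):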
{
"version":"WzMwOTcsMV0=",
"name":"Protect",
"namespace":"default",
"description":"",
"package":{
"name":"endpoint",
"title":"Elastic Defend",
"version":"8.5.0"
},
"enabled":true,
"policy_id":"b4be0860-d492-11ed-a59c-3ffbbd16325a",
"inputs":[
{
"type":"endpoint",
"enabled":true,
"streams":[
],
"config":{
"integration_config":{
"value":{
"type":"endpoint",
"endpointConfig":{
"preset":"EDRComplete"
}
}
},
"artifact_manifest":{
"value":{
"manifest_version":"1.0.2",
"schema_version":"v1",
"artifacts":{
"endpoint-exceptionlist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-exceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-exceptionlist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-exceptionlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-exceptionlist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-exceptionlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-trustlist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-trustlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-trustlist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-trustlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-trustlist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-trustlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-eventfilterlist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-eventfilterlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-eventfilterlist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-eventfilterlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-eventfilterlist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-eventfilterlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-hostisolationexceptionlist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-hostisolationexceptionlist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-hostisolationexceptionlist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-hostisolationexceptionlist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-hostisolationexceptionlist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-hostisolationexceptionlist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-blocklist-macos-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-blocklist-macos-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-blocklist-windows-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-blocklist-windows-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
},
"endpoint-blocklist-linux-v1":{
"encryption_algorithm":"none",
"decoded_sha256":"d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"decoded_size":14,
"encoded_sha256":"f8e6afa1d5662f5b37f83337af774b5785b5b7f1daee08b7b00c2d6813874cda",
"encoded_size":22,
"relative_url":"/api/fleet/artifacts/endpoint-blocklist-linux-v1/d801aa1fb7ddcc330a5e3173372ea6af4a3d08ec58074478e85aa5603e926658",
"compression_algorithm":"zlib"
}
}
}
},
"policy":{
"value":{
"windows":{
"events":{
"dll_and_driver_load":true,
"dns":true,
"file":true,
"network":true,
"process":true,
"registry":true,
"security":true
},
"malware":{
"mode":"prevent",
"blocklist":true
},
"ransomware":{
"mode":"prevent",
"supported":true
},
"memory_protection":{
"mode":"prevent",
"supported":true
},
"behavior_protection":{
"mode":"prevent",
"supported":true
},
"popup":{
"malware":{
"message":"",
"enabled":true
},
"ransomware":{
"message":"",
"enabled":true
},
"memory_protection":{
"message":"",
"enabled":true
},
"behavior_protection":{
"message":"",
"enabled":true
}
},
"logging":{
"file":"info"
},
"antivirus_registration":{
"enabled":false
},
"attack_surface_reduction":{
"credential_hardening":{
"enabled":true
}
}
},
"mac":{
"events":{
"process":true,
"file":true,
"network":true
},
"malware":{
"mode":"prevent",
"blocklist":true
},
"behavior_protection":{
"mode":"prevent",
"supported":true
},
"memory_protection":{
"mode":"prevent",
"supported":true
},
"popup":{
"malware":{
"message":"",
"enabled":true
},
"behavior_protection":{
"message":"",
"enabled":true
},
"memory_protection":{
"message":"",
"enabled":true
}
},
"logging":{
"file":"info"
}
},
"linux":{
"events":{
"process":true,
"file":true,
"network":true,
"session_data":false,
"tty_io":false
},
"malware":{
"mode":"prevent",
"blocklist":true
},
"behavior_protection":{
"mode":"prevent",
"supported":true
},
"memory_protection":{
"mode":"prevent",
"supported":true
},
"popup":{
"malware":{
"message":"",
"enabled":true
},
"behavior_protection":{
"message":"",
"enabled":true
},
"memory_protection":{
"message":"",
"enabled":true
}
},
"logging":{
"file":"info"
}
}
}
}
}
}
]
}