New Policy Service API Release

Back to Blogs

Posted on April 25, 2022

Overview

Policies are a group of rules and sensor settings that determine preventative behavior. Each endpoint sensor, or sensor group, is assigned to a policy.

With the Policy Service API, you can now manage your Policies for endpoints and workloads with a single CUSTOM API key. This will allow more granular permission controls when creating API keys to manage Policies. This iteration of the Policies API also aligns many field names with those used elsewhere in the product. Policy Service API will serve as the primary API to manage policies in the Carbon Black Cloud going forward.

Requirements

At least one Carbon Black Cloud product
Carbon Black Cloud Endpoint Standard to use preventative policy rules

For standalone Enterprise EDR customers, policy rule options are limited

Predefined Policies

Each organization in the Carbon Black Cloud will contain a set of predefined policies to provide a template to define custom policies. You can assign sensors to these policies, change the policy settings, or duplicate the settings to create a new policy. You cannot delete predefined policies.

Policy	Description	Note
Standard	Blocks known and suspected malware, and prevents risky operations like memory scraping and code injections. Newly deployed sensors are assigned this policy by default. It is the recommended starting point for new deployments.	Review and refine the Standard policy rules to avoid unnecessary blocks or false positives that are triggered by in-house or custom software applications, which may have reputations that the Carbon Black Cloud does not recognize.
Monitored	Monitors endpoint application activity and logs events to the Dashboard. This policy has no preventive capabilities.	Use the data that this policy provides to evaluate policy rule implementation needs.
Advanced	Extends the capabilities of the Standard policy. It blocks operations from system utilizing, and prevents from riskier behaviors that are more likely to be false positives.	Use a phased roll-out approach to implement any new or Advanced policy rules. We recommend assigning Advanced policies to a group of pilot endpoints, and watching for false positives or blocks on legitimate software before rolling them out to more endpoints.