Create Sensor Policies
System and policy administrators can create and edit security policies to better manage sensor security settings at scale.
In this topic:
Create a sensor policy
To create a new sensor policy, follow these steps:
Navigate to the System > Policies management screen.
Click Create policy. The Create Policy screen appears.
Give your policy a name and description (required).
Use the tabs on the left of the screen or scroll to configure the following security settings for the policy:
Anti-Malware
Exploit Protection
Fileless protection
Behavioral execution prevention
Predictive Ransomware Protection
Anti-Ransomware
App control
Endpoint Controls (if enabled)
Collection features
Endpoint UI Settings
Note
A green dot appears to the right of the tab name if changes were made. If a required field is left blank, a red icon appears to the right of the section name and you cannot save the policy.
Click Save & Publish.
Duplicate a policy
Policy administrators can create copies of existing policies using the duplicate policies feature. When an admin duplicates a policy, Cybereason creates a new policy with the identical security settings specified in the original policy. This functionality is useful when you want to create a new policy that is similar to an existing policy.
To duplicate a policy, follow these steps:
Navigate to the System > Policies management screen.
Hover over the name of the policy you want to duplicate, and click the duplicate policy icon.
The Cybereason platform creates a new policy with the same name as the original policy, followed by ‘(copy)’.
Make any modifications to the new policy, and click Save & Publish.
Assign the new policy to appropriate sensors.
Delete a policy
You can delete policies that are not applied to any groups from the System > Policies management screen.
To delete an unused policy, hover over the name of the policy you want to delete, and click the trash can icon.
Note
You cannot delete the Default or Legacy policies.