Create a new prevention policy to define and enforce security rules for threat detection and prevention.

The following permissions are required to run this action:

  • Prevention policies: Read and Write.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

Parameter | Description
Description — Additional details about the policy's purpose or coverage.
Name — The name to assign to your new prevention policy. Note: the policy name must be unique for the specified platform.
Platform Name — The operating system this policy will target.
Policy Settings — An array of security configuration options that define the policy behavior. Each entry carries the setting's `id` and its `value` object, for example: `[ { "id": "AdditionalUserModeData", "value": { "enabled": true } }, { "id": "EndUserNotifications", "value": { "enabled": true } } ]`

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string",
		"writes": {
			"resources_affected": 0
		}
	},
	"resources": [
		{
			"cid": "The customer id associated with the policy",
			"created_by": "The email of the user which created the policy",
			"created_timestamp": "The time at which the policy was created",
			"description": "The description of a policy. Use this field to provide a high level summary of what this policy enforces",
			"enabled": false,
			"groups": [
				{
					"assignment_rule": "The assignment rule of a group",
					"created_by": "The email of the user which created the policy",
					"created_timestamp": "The time at which the policy was created",
					"description": "An additional description of the group or the devices it targets",
					"group_type": "The method by which this host group is managed",
					"id": "The identifier of this host group",
					"modified_by": "The email of the user which last modified the policy",
					"modified_timestamp": "The time at which the policy was last modified",
					"name": "The name of the group"
				}
			],
			"id": "The unique id of the policy",
			"ioa_rule_groups": [
				{
					"comment": "string",
					"committed_timestamp": "The last attempted time CFS got this data on the rule group",
					"created_by": "The email of the user which created the rule group",
					"created_timestamp": "The time at which the policy was created",
					"customer_id": "string",
					"deleted": false,
					"description": "An additional description of the group or the rules it contains",
					"enabled": false,
					"id": "The identifier of this IOA rule group",
					"modified_by": "The email of the user which last modified the rule group",
					"modified_timestamp": "The time at which the policy was last modified",
					"name": "The name of the group",
					"platform": "string",
					"rule_ids": [
						"string"
					],
					"version": 0
				}
			],
			"modified_by": "The email of the user which last modified the policy",
			"modified_timestamp": "The time at which the policy was last modified",
			"name": "The human readable name of the policy",
			"platform_name": "The name of the platform",
			"prevention_settings": [
				{
					"name": "The name of the category",
					"settings": [
						{
							"description": "The human readable description of the setting",
							"id": "The id of the setting",
							"name": "The name of the setting",
							"type": "The type of the setting which can be used as a hint when displaying in the UI",
							"value": {}
						}
					]
				}
			]
		}
	]
}

Workflow Library Example

Create Prevention Policy with Crowdstrike and Send Results Via Email
