Security

All features listed on this page are currently Windows only.

security.json is an optional file included in the root of the action that defines restrictions that the BrazenAgent service places on the Action while it executes.

Here is a full example security.json:

{
    "RestrictedToken": true,
    "MaxCPU": 5,
    "MaxBandwidth": 10000,
    "MaxMemory": 1024,
    "MaxProcessCount": 1,
    "IOPriority": "VeryLowIoPriority",
    "UILimitDesktop": true,
    "UILimitDisplaySettings": true,
    "UILimitExitWindows": true,
    "UILimitGlobalAtoms": true,
    "UILimitHandles": true,
    "UILimitReadClipboard": true,
    "UILimitSystemParameters": true,
    "UILimitWriteClipboard": true
}

You can use the Table of Contents on the right to navigate to a specific setting.

RestrictedToken

Type: bool

Example:

{
    "RestrictedToken": true
}

Modifies the access token of the process to disable most of its privileges. Be aware that the action will be severely restricted in what it can do. For more information, refer to Microsoft's documentation on Restricted Tokens

On a windows system, the SeChangeNotify privilege will remain functional. This allows the process to be notified of changes to files or directories.

MaxCPU

Type: Integer

Example:

{
    "MaxCPU": 20
}

Sets the maximum CPU Percentage that the Action is allowed to use.

MaxBandwidth

Type: Integer

Example:

{
    "MaxBandwidth": 10000
}

Sets the maximum bandwidth for outgoing network traffic in bytes/second.

MaxMemory

Future Feature

MaxProcessCount

Future Feature

IOPriority

Type: String

Example:

{
    "IOPriority": "VeryLowIoPriority"
}

Sets the priority of the process. Valid values are:

VeryLowIoPriority
LowIoPriority
DefaultIoPriority
HighIoPriority
CriticalIoPriority

UILimitDesktop

Type: bool

Example:

{
    "UILimitDesktop": true
}

Prevents the Action from creating or switching Desktops.

UILimitDisplaySettings

Type: bool

Example:

{
    "UILimitDisplaySettings" : true
}

Prevents the action from changing the display settings.

UILimitExitWindows

Type: bool

Example:

{
    "UILimitExitWindows" : true
}

Prevents the Action from shutting down Windows.

UILimitGlobalAtoms

Type: bool

Example:

{
    "UILimitGlobalAtoms" : true
}

Prevents the action from accessing global atoms. When this is used, the action has its own atom table.

See Microsoft's documentation for more information on Windows Atom Tables

UILimitHandles

Type: bool

Example:

{
    "UILimitHandles" : true
}

Prevents the Action from using USER handles owned by processes not associated with the same Action.

UILimitReadClipboard

Type: bool

Example:

{
    "UILimitReadClipboard" : true
}

Prevents the Action from reading the clipboard.

UILimitSystemParameters

Type: bool

Example:

{
    "UILimitSystemParameters" : true
}

Prevents the action from modifying system parameters.

Example system parameters include:

Accessibility parameters
Desktop parameters
Icon parameters
Input parameters
Menu parameters
Power parameters
Screen saver parameters
Time-out parameters
UI effect parameters
Window parameters

For a more detailed description, see Microsoft's documentation on System Parameters.

UILimitWriteClipboard

Type: bool

Example:

{
    "UILimitWriteClipboard" : true
}

Prevents the Action from writing to the clipboard.

PreviousExecution NextTroubleshooting

Last updated 3 years ago

hashtagRestrictedToken

hashtagMaxCPU

hashtagMaxBandwidth

hashtagMaxMemory

hashtagMaxProcessCount

hashtagIOPriority

hashtagUILimitDesktop

hashtagUILimitDisplaySettings

hashtagUILimitExitWindows

hashtagUILimitGlobalAtoms

hashtagUILimitHandles

hashtagUILimitReadClipboard

hashtagUILimitSystemParameters

hashtagUILimitWriteClipboard

RestrictedToken

MaxCPU

MaxBandwidth

MaxMemory

MaxProcessCount

IOPriority

UILimitDesktop

UILimitDisplaySettings

UILimitExitWindows

UILimitGlobalAtoms

UILimitHandles

UILimitReadClipboard

UILimitSystemParameters

UILimitWriteClipboard