Edit

Security

All features listed on this page are currently Windows only.

security.json is an optional file included in the root of the action that defines restrictions that the BrazenAgent service places on the Action while it executes.

Here is a full example security.json:

{
    "RestrictedToken": true,
    "MaxCPU": 5,
    "MaxBandwidth": 10000,
    "MaxMemory": 1024,
    "MaxProcessCount": 1,
    "IOPriority": "VeryLowIoPriority",
    "UILimitDesktop": true,
    "UILimitDisplaySettings": true,
    "UILimitExitWindows": true,
    "UILimitGlobalAtoms": true,
    "UILimitHandles": true,
    "UILimitReadClipboard": true,
    "UILimitSystemParameters": true,
    "UILimitWriteClipboard": true
}

You can use the Table of Contents on the right to navigate to a specific setting.

RestrictedToken

Type: bool

Example:

{
    "RestrictedToken": true
}

Modifies the access token of the process to disable most of its privileges. Be aware that the action will be severely restricted in what it can do. For more information, refer to Microsoft's documentation on Restricted Tokens

On a windows system, the SeChangeNotify privilege will remain functional. This allows the process to be notified of changes to files or directories.

MaxCPU

Type: Integer

Example:

{
    "MaxCPU": 20
}

Sets the maximum CPU Percentage that the Action is allowed to use.

MaxBandwidth

Type: Integer

Example:

{
    "MaxBandwidth": 10000
}

Sets the maximum bandwidth for outgoing network traffic in bytes/second.

MaxMemory

Future Feature

MaxProcessCount

Future Feature

IOPriority

Type: String

Example:

{
    "IOPriority": "VeryLowIoPriority"
}

Sets the priority of the process. Valid values are:

  • VeryLowIoPriority

  • LowIoPriority

  • DefaultIoPriority

  • HighIoPriority

  • CriticalIoPriority

UILimitDesktop

Type: bool

Example:

{
    "UILimitDesktop": true
}

Prevents the Action from creating or switching Desktops.

UILimitDisplaySettings

Type: bool

Example:

{
    "UILimitDisplaySettings" : true
}

Prevents the action from changing the display settings.

UILimitExitWindows

Type: bool

Example:

{
    "UILimitExitWindows" : true
}

Prevents the Action from shutting down Windows.

UILimitGlobalAtoms

Type: bool

Example:

{
    "UILimitGlobalAtoms" : true
}

Prevents the action from accessing global atoms. When this is used, the action has its own atom table.

See Microsoft's documentation for more information on Windows Atom Tables

UILimitHandles

Type: bool

Example:

{
    "UILimitHandles" : true
}

Prevents the Action from using USER handles owned by processes not associated with the same Action.

UILimitReadClipboard

Type: bool

Example:

{
    "UILimitReadClipboard" : true
}

Prevents the Action from reading the clipboard.

UILimitSystemParameters

Type: bool

Example:

{
    "UILimitSystemParameters" : true
}

Prevents the action from modifying system parameters.

Example system parameters include:

  • Accessibility parameters

  • Desktop parameters

  • Icon parameters

  • Input parameters

  • Menu parameters

  • Power parameters

  • Screen saver parameters

  • Time-out parameters

  • UI effect parameters

  • Window parameters

For a more detailed description, see Microsoft's documentation on System Parameters.

UILimitWriteClipboard

Type: bool

Example:

{
    "UILimitWriteClipboard" : true
}

Prevents the Action from writing to the clipboard.

PreviousExecutionNextTroubleshooting

Last updated