If a user imports an improperly formatted JSON file containing multiple DENY or ALLOW policies, the following error message appears.
Image 1 - Import Error for the DENY policy
All 4.x EDR versions.
Possible causes are:
Manually enter a few EDR Deny or Allow list policies in the EDR. Then, export your the JSON policy to determine if your JSON file contains a "blacklist" or "whitelist" tags.
See example below.
Improperly formatted JSON example (See Image 1 above for resulting error)
JSON Code Snippet
"policy": {
"deny list": [
{
"target_value": "10.100.200.30",
"target_type": "ip"
},
{
"target_value": "badc0ffeedeadbeefbadc0ffeedeadbe",
"target_type": "md5"
},
{
"target_value": "badc0ffeedeadbeefbadc0ffeedeadbebadc0ffeedeadbeefbadc0ffeedeadbe",
"target_type": "sha256",
"target_file_size": 42433
},
{
"target_value": "baddomain.example.com/index.html",
"target_type": "url"
},
{
"target_value": "example.com",
"target_type": "domain"
}
],
"allow list": [
{
"target_value": "10.100.200.34",
"target_type": "ip"
},
{
"target_value": "badc0ffeedeadbeefbadc0ffeedeadbebadc0ffeedeadbeefbadc0ffeedeadbe",
"target_type": "sha256"
},
{
"target_value": "a.example.com/store",
"target_type": "url"
},
{
"target_value": "good.example.com",
"target_type": "domain"
}
]
Note: This policy code snippet may exist in our documentation.
In the above code snippet, the policy has the following issues:
1) the older "blacklist" and "whitelist" tags are not used
2) omitted a single open brace { at the beginning of the file.
3) Omitted two (2) closing braces } at the bottom of the file.
The corrections are highlighted in RED below: