create_policy
Define evidence storage paths, compression, encryption, and CPU limits for digital forensics policies across Windows, Linux, and macOS systems.
Instructions
Create a new policy with specific storage and compression settings
Input Schema
Name | Required | Description | Default |
---|---|---|---|
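compression | Yes | Compression and encryption settings. Only `enabled` and `encryption.enabled` are required by the schema; `encryption.password` is not, so a request that enables encryption without a password still passes validation. | |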
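cpu | No | CPU usage limits. `limit` is described as a percentage (1-100), but the schema declares only the type `number` and does not enforce that range. | |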
name | Yes | Name for the new policy | |
organizationIds | No | Organization IDs to associate with the policy. | [0] |
saveTo | Yes | Configuration for where to save evidence | |
sendTo | Yes | Configuration for where to send evidence | |
Input Schema (JSON Schema)
{
"properties": {
"compression": {
"description": "Compression and encryption settings",
"properties": {
"enabled": {
"description": "Whether compression is enabled",
"type": "boolean"
},
"encryption": {
"properties": {
"enabled": {
"description": "Whether encryption is enabled",
"type": "boolean"
},
"password": {
"description": "Password for encryption when enabled",
"type": "string"
}
},
"required": [
"enabled"
],
"type": "object"
}
},
"required": [
"enabled",
"encryption"
],
"type": "object"
},
"cpu": {
"description": "CPU usage limits",
"properties": {
"limit": {
"description": "CPU usage limit percentage (1-100)",
"type": "number"
}
},
"type": "object"
},
"name": {
"description": "Name for the new policy",
"type": "string"
},
"organizationIds": {
"description": "Organization IDs to associate with policy. Defaults to [0].",
"oneOf": [
{
"items": {
"type": "number"
},
"type": "array"
},
{
"items": {
"type": "string"
},
"type": "array"
},
{
"type": "number"
},
{
"type": "string"
}
]
},
"saveTo": {
"description": "Configuration for where to save evidence",
"properties": {
"linux": {
"properties": {
"location": {
"description": "Storage location for Linux (e.g., \"local\")",
"type": "string"
},
"path": {
"description": "Path for evidence storage on Linux",
"type": "string"
},
"tmp": {
"description": "Temporary folder path for Linux",
"type": "string"
},
"useMostFreeVolume": {
"description": "Whether to use volume with most free space",
"type": "boolean"
},
"volume": {
"description": "Volume to use for Linux (e.g., \"/\")",
"type": "string"
}
},
"required": [
"location",
"path",
"useMostFreeVolume",
"volume"
],
"type": "object"
},
"macos": {
"properties": {
"location": {
"description": "Storage location for macOS (e.g., \"local\")",
"type": "string"
},
"path": {
"description": "Path for evidence storage on macOS",
"type": "string"
},
"tmp": {
"description": "Temporary folder path for macOS",
"type": "string"
},
"useMostFreeVolume": {
"description": "Whether to use volume with most free space",
"type": "boolean"
},
"volume": {
"description": "Volume to use for macOS (e.g., \"/\")",
"type": "string"
}
},
"required": [
"location",
"path",
"useMostFreeVolume",
"volume"
],
"type": "object"
},
"windows": {
"properties": {
"location": {
"description": "Storage location for Windows (e.g., \"local\")",
"type": "string"
},
"path": {
"description": "Path for evidence storage on Windows",
"type": "string"
},
"tmp": {
"description": "Temporary folder path for Windows",
"type": "string"
},
"useMostFreeVolume": {
"description": "Whether to use volume with most free space",
"type": "boolean"
},
"volume": {
"description": "Volume to use for Windows (e.g., \"C:\")",
"type": "string"
}
},
"required": [
"location",
"path",
"useMostFreeVolume",
"volume"
],
"type": "object"
}
},
"required": [
"windows",
"linux",
"macos"
],
"type": "object"
},
"sendTo": {
"description": "Configuration for where to send evidence",
"properties": {
"location": {
"description": "Location to send evidence to (e.g., \"user-local\")",
"type": "string"
}
},
"required": [
"location"
],
"type": "object"
}
},
"required": [
"name",
"saveTo",
"compression",
"sendTo"
],
"type": "object"
}