Create a policy

Create a policy that defines the behavior of the Deep Security modules that you are using, and that configures policy settings such as agent-manager communication, scanning behavior, logging, event retention, and network engine settings. After you create a policy you can assign it to one or more computers.

To create a policy you create a Policy object, set its properties to define behaviors, and then use the PoliciesApi class to add it to Deep Security Manager. Because policies are hierarchical, when creating a policy you need to indicate the ID of the parent policy. (Use an ID of 0 to create a top-level policy.)

The Policy object provides access to many policy properties:

  • The ID of the parent policy
  • The interfaces to which the policy applies rules
  • Whether to perform ongoing recommendation scans
  • Whether to automatically send policy changes to computers (AutoRequiresUpdate)
  • Policy settings
Tip:

To see the available policy properties, expand the 200 response to the Describe a Policy operation in the API Reference.

This example creates a policy below Base Policy. A search obtains Base Policy to obtain its ID, which is used as the parent of a new policy. (The creation of the search criteria and search filter is not shown.)

Language

Code

Python

View source

# Search for the Base Policy
policies_api = api.PoliciesApi(api.ApiClient(configuration))
policy_search_results = policies_api.search_policies(api_version, search_filter=search_filter)

# Set the parent ID of the new policy to the ID of the Base Policy
new_policy.parent_id = policy_search_results.policies[0].id

# Add the new policy to Deep Security Manager
created_policy = policies_api.create_policy(new_policy, api_version)

JavaScript

View source

// Performs the search
const searchPolicy = () => policiesApi.searchPolicies(apiVersion, searchOptions);
// Add the policy to Deep Security Manager
const createPolicy = data => {
  newPolicy.parentID = data.policies[0].ID;
  return policiesApi.createPolicy(newPolicy, apiVersion, { overrides: false });
};

searchPolicy()
  .then(createPolicy)
  .then(data => {
    resolve(data.ID);
  })
  .catch(error => {
    reject(error);
  });

Java

View source

// Perform the search
PoliciesApi policiesApi = new PoliciesApi();
Policies policies = policiesApi.searchPolicies(sf, Boolean.FALSE, apiVersion);

// Create and configure policy object
Policy policy = new Policy();
policy.setName(policyName);
policy.setDescription("Inherits from Base policy");
policy.setRecommendationScanMode(Policy.RecommendationScanModeEnum.OFF);
policy.setAutoRequiresUpdate(Policy.AutoRequiresUpdateEnum.ON);

// Set the ID of the parent policy
if (!policies.getPolicies().isEmpty()) {
    Integer id = policies.getPolicies().get(0).getID();
    policy.setParentID(id);

    // Create the policy
    return policiesApi.createPolicy(policy, Boolean.FALSE, apiVersion);
}

The Policy object that is created contains no module configurations or setting values. When the configurations and settings are omitted, the values are inherited from the parent policy. Therefore, the policy that is created inherits almost all behavior from the Base Policy. Also note that policy ID's are immutable, so if you know the ID of the policy you can just use it instead of searching.

To use the API to interact with policies, use the /api/policies endpoint. (See the Policies group of operations in the API Reference.)

For information about searching, see Search for Resources. For information about authenticating API calls, see Authenticate with Deep Security Manager.