Intrusion Prevention: Java Examples

IntrusionPreventionPolicyExtension example

Create an IntrusionPreventionPolicyExtension object to set the module state and assign rules:

IntrusionPreventionPolicyExtension ipPolicyExtension = new IntrusionPreventionPolicyExtension();
ipPolicyExtension.setState(StateEnum.PREVENT);
ipPolicyExtension.setRuleIDs(ruleIDs);

PolicySettings object example

Create a PolicySettings object to configure Intrusion Prevention-related settings. (For detailed information about policy settings, see Configure policy and default policy settings.) For example, you can automatically apply Intrusion Prevention rules that are found via recommendation scans:

PolicySettings policySettings = new PolicySettings();
SettingValue settingValue = new SettingValue();
settingValue.setValue("Yes");
policySettings.setIntrusionPreventionSettingAutoApplyRecommendationsEnabled(settingValue);

Modify policy example

At this point, the Intrusion Prevention policy extension and the policy settings are configured. Next, they are added to a Policy object. Then,use a PoliciesApi object to modify a policy on Deep Security Manager.

Policy policy = new Policy();
policy.setIntrusionPrevention(ipPolicyExtension);
policy.setPolicySettings(policySettings);

PoliciesApi policiesApi = new PoliciesApi();
Policy modifiedPolicy = policiesApi.modifyPolicy(policyId, policy, Boolean.FALSE, apiVersion);
Tip:

The policy_id (or policyID) parameter of modifyPolicy identifies the actual policy on Deep Security Manager that is to be modified. This policy is modified according to the policy object that is used as the policy parameter. Any properties of the policy parameter that are not set remain unchanged on the actual policy.

Complete policy configuration example

The following example code creates a PolicySettings object and sets the module state, assigns rules, and sets the value of the intrusionPreventionSettingAutoApplyRecommendationsEnables property to cause intrusion prevention to automatically apply rules found via recommendation scans. The object is added to a Policy object that is used to modify a policy.

View source
// Run in prevent mode
IntrusionPreventionPolicyExtension ipPolicyExtension = new IntrusionPreventionPolicyExtension();
ipPolicyExtension.setState(StateEnum.PREVENT);

// Assign rules
ipPolicyExtension.setRuleIDs(ruleIDs);

// Add to a policy
Policy policy = new Policy();
policy.setIntrusionPrevention(ipPolicyExtension);

// Create a setting object and turn on automatic application of recommendation scans
PolicySettings policySettings = new PolicySettings();
SettingValue settingValue = new SettingValue();
settingValue.setValue("Yes");
policySettings.setIntrusionPreventionSettingAutoApplyRecommendationsEnabled(settingValue);

// Add to a policy
policy.setPolicySettings(policySettings);

// Update the policy on Deep Security Manager
PoliciesApi policiesApi = new PoliciesApi();
return policiesApi.modifyPolicy(policyId, policy, Boolean.FALSE, apiVersion).getID();