Intrusion Prevention: Python Examples

IntrusionPreventionPolicyExtension example

Create an IntrusionPreventionPolicyExtension object to set the module state and assign rules:

ip_policy_extension = api.IntrusionPreventionPolicyExtension()
ip_policy_extension.state = "prevent"
ip_policy_extension.rule_ids = rule_ids

PolicySettings object example

Create a PolicySettings object to configure Intrusion Prevention-related settings. (For detailed information about policy settings, see Configure policy and default policy settings.) For example, you can automatically apply Intrusion Prevention rules that are found via recommendation scans:

policy_settings = api.PolicySettings()
setting_value = api.SettingValue()
setting_value.value = "yes"
policy_settings.intrusion_prevention_setting_auto_apply_recommendations_enables = setting_value

Modify policy example

At this point, the Intrusion Prevention policy extension and the policy settings are configured. Next, they are added to a Policy object. Then,use a PoliciesApi object to modify a policy on Deep Security Manager.

policy = api.Policy()
policy.IntrusionPrevention = ip_policy_extension
policy.policy_settings = policy_settings

policies_api = api.PoliciesApi(api.ApiClient(configuration))
modified_policy = policies_api.modify_policy(policy_id, policy, api_version)

Tip:

The policy_id (or policyID) parameter of modifyPolicy identifies the actual policy on Deep Security Manager that is to be modified. This policy is modified according to the policy object that is used as the policy parameter. Any properties of the policy parameter that are not set remain unchanged on the actual policy.

Complete policy configuration example

The following example code creates a PolicySettings object and sets the module state, assigns rules, and sets the value of the intrusionPreventionSettingAutoApplyRecommendationsEnables property to cause intrusion prevention to automatically apply rules found via recommendation scans. The object is added to a Policy object that is used to modify a policy.

View source

# Run in prevent mode
ip_policy_extension = api.IntrusionPreventionPolicyExtension()
ip_policy_extension.state = "prevent"

# Assign rules
ip_policy_extension.rule_ids = rule_ids

# Add to a policy
policy = api.Policy()
policy.IntrusionPrevention = ip_policy_extension

# Configure the setting
policy_settings = api.PolicySettings()
setting_value = api.SettingValue()
setting_value.value = "yes"
policy_settings.intrusion_prevention_setting_auto_apply_recommendations_enables = setting_value

# Add the setting to a policy
policy.policy_settings = policy_settings

# Modify the policy on Deep Security Manager
policies_api = api.PoliciesApi(api.ApiClient(configuration))
modified_policy = policies_api.modify_policy(policy_id, policy, api_version)

return modified_policy.id

Automation Center