Patch Unprotected Computers Examples: JavaScript

Find the Intrusion Prevention rule for a CVE example


/**
 * Searches for the Intrusion Prevention rules whose CVE field matches `cveID`.
 *
 * Reads `api`, `cveID` and `apiVersion` from the enclosing scope.
 *
 * @returns {*} Whatever `searchIntrusionPreventionRules` returns; the calling
 *   code on this page treats it as a promise of an object that carries an
 *   `intrusionPreventionRules` array.
 */
const getIpRules = () => {
  // The CVE identifier is wrapped in "%" on both sides.
  // NOTE(review): this looks like a wildcard "contains" match. If so, a short
  // or truncated identifier would also match longer CVE IDs that contain it,
  // so confirm that the returned rules reference the intended CVE before
  // treating them as coverage.
  const cveCriteria = Object.assign(new api.SearchCriteria(), {
    fieldName: "CVE",
    stringValue: "%" + cveID + "%",
    stringTest: api.SearchCriteria.StringTestEnum.equal
  });

  // A filter that holds the single CVE criterion
  const searchFilter = new api.SearchFilter();
  searchFilter.searchCriteria = [cveCriteria];

  // Search options: the filter, with overrides switched off
  const searchOptions = { searchFilter, overrides: false };

  // Run the search through the Intrusion Prevention rules API
  const rulesClient = new api.IntrusionPreventionRulesApi();
  return rulesClient.searchIntrusionPreventionRules(apiVersion, searchOptions);
};

// Collect the ID of every rule returned by the search and pass the list on.
// `ruleIDs`, `resolve` and `reject` come from the surrounding scope.
// An empty list only means that the search returned no rule for the CVE; it
// says nothing about whether any computer is exposed, so callers should
// handle that case explicitly instead of continuing with no rule ID.
getIpRules()
  .then(searchResult => {
    for (const rule of searchResult.intrusionPreventionRules) {
      ruleIDs.push(rule.ID);
    }
    resolve(ruleIDs);
  })
  .catch(searchError => {
    // Hand the failure to the enclosing promise unchanged
    reject(searchError);
  });

Find computers that are not protected against a CVE example


// Build the list of computers whose assigned Intrusion Prevention rule IDs do
// not include `ruleID`. `computers` and `ruleID` come from the surrounding scope.
//
// NOTE(review): entries that have no `intrusionPrevention` property are
// skipped, so they are reported neither as protected nor as unprotected;
// confirm that this is intended, because such hosts drop out of the report.
// NOTE(review): only rule assignment is checked here. Whether the module is
// enabled and actually blocking traffic is not visible in this check.
let unprotected = computers.computers.filter(computer => {
  const extension = computer.intrusionPrevention;
  if (extension === undefined) {
    return false;
  }

  const assignedIDs = extension.ruleIDs;
  if (assignedIDs === undefined) {
    // No rules assigned at all, so the rule cannot be present
    return true;
  }

  for (const assignedID of assignedIDs) {
    if (assignedID === ruleID) {
      return false;
    }
  }
  return true;
});

Add intrusion prevention rules to computers' policies example


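/**
 * Creates a policy object whose Intrusion Prevention rule list is the
 * currently assigned rules plus `ruleID`, so that existing assignments are
 * kept rather than overwritten.
 *
 * Reads `api` and `ruleID` from the enclosing scope. The caller's array is
 * copied, not modified, and `ruleID` is not added a second time when it is
 * already assigned.
 *
 * @param {Array|undefined} currentRules - Rule IDs currently assigned to the
 *   policy; `undefined` or `null` is treated as "no rules assigned".
 * @returns {Object} A new `api.Policy` whose `intrusionPrevention.ruleIDs`
 *   holds the merged list.
 */
const addRulesToPolicyObject = currentRules => {
  // Work on a copy: pushing onto the argument would silently change the rule
  // list of the policy object the caller fetched.
  const mergedRules =
    currentRules !== undefined && currentRules !== null ? [...currentRules] : [];

  // Skip the append when the rule is already assigned, so that no duplicate
  // ID is sent to the manager.
  if (mergedRules.indexOf(ruleID) === -1) {
    mergedRules.push(ruleID);
  }

  const intrusionPreventionPolicyExtension = new api.IntrusionPreventionPolicyExtension();
  intrusionPreventionPolicyExtension.ruleIDs = mergedRules;

  const policy = new api.Policy();
  policy.intrusionPrevention = intrusionPreventionPolicyExtension;
  return policy;
};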

// Fetch the policy assigned to the computer, add the rule to its Intrusion
// Prevention rule list and send the updated policy to the manager.
// `computer`, `getPolicy`, `sendPolicyToManager`, `resolve` and `reject` come
// from the surrounding scope.
//
// NOTE(review): the update is written to the policy identified by
// `computer.policyID`, so presumably every computer that uses that policy is
// affected; confirm the scope of the change before applying it.
// If the fetched policy has no `intrusionPrevention` property, the property
// access below throws and the chain ends in the catch handler.
getPolicy(computer.policyID)
  .then(currentPolicy => {
    const assignedRuleIDs = currentPolicy.intrusionPrevention.ruleIDs;
    const updatedPolicy = addRulesToPolicyObject(assignedRuleIDs);
    const pendingUpdate = sendPolicyToManager(computer.policyID, updatedPolicy);
    resolve(pendingUpdate);
  })
  .catch(updateError => {
    // Hand the failure to the enclosing promise unchanged
    reject(updateError);
  });