Configure Computers to Override Policies

Discover overrides that have been configured for a computer, and configure a computer to override the behavior of security modules as configured by the computer’s policy.

Override a policy setting on a computer only when you are certain that the override is unique for that computer. As much as possible, you should use policies to configure security and avoid overrides:

  • Policies can be assigned to multiple computers, so you can re-use configuration work.
  • Policies are more easily managed than computer overrides.

Discover overrides

To discover the overrides that are configured for a computer, use any method or function that returns the computer with the overrides parameter set to true. As described in The overrides parameter, the Computer object that is returned contains values only for the properties that are overrides. All other property values are null.

All properties of a Computer object can be overridden, except for the name and description.

When there are no overrides, all properties of the object are null. Check for a null ID to quickly determine if there are no overrides.

Rule overrides

A rule that is applied to a computer is considered an override when the rule has been modified at the computer level to be different than the original rule.

Simply assigning a rule to a computer is not considered an override:

  • When a rule is assigned to a computer and the rule is not assigned to the computer’s policy, the rule is not considered an override.
  • When a rule is assigned to a computer’s policy and the same rule is applied to the computer and is unchanged, the rule is not considered an override.

Example: Get the overrides for a computer

/*
 * Obtains a Computer object that contains only overrides.
 * @param computerId The ID of the computer.
 */
public static Computer getComputerOverrides(Integer computerId) {
	ComputersApi computersApi = new ComputersApi();
	Computer computer = null;
	try {
		//Set the overrides parameter to true
		computer = computersApi.describeComputer(computerId, true, "v1");
	} catch (ApiException e) {
		e.printStackTrace();
	}
	return computer;
}

Configure computer overrides

The following types of classes provide access to the properties that you can override:

  • Classes that represent computer-level extensions of a protection module, such as FirewallComputerExtension. These classes control the behavior of protection modules for a computer and override the settings of the policy-level extension classes such as FirewallPolicyExtension.
  • The ComputerSettings class provides access to protection module settings that are applied at the computer level. This class overrides the settings of the PolicySettings class of the computer’s policy.

For more information about the policy-level configuration classes, such as FirewallPolicyExtension and PolicySettings, see Protection module and policy classes.

Use the following general steps to configure an override for a computer:

  1. Create a computer-level extension object for a protection module and configure the settings to override.
  2. Create a ComputerSettings object and configure the settings to override.
  3. Add the computer-level extension object and ComputerSettings object to a Computer object.
  4. Use ComputersApi to modify the computer on Deep Security Manager.

Example: Override reconnaissance scans for a computer

/*
 * Overrides a computer to enable Firewall reconnaissance scan.
 * @param computerId The ID of the computer to override.
 * @return A Computer object that contains only overrides.
 */
public static Computer overrideReconnaissanceScan(Integer computerId){	
	Computer overriddenComputer = null; 
	
	//Turn on Reconnaissance Scan
	ComputerSettings computerSettings = new ComputerSettings();
	SettingValue settingValue = new SettingValue();
	settingValue.setValue("true");
	computerSettings.setFirewallSettingReconnaissanceEnabled(settingValue);
	
	//Add to a computer object
	Computer computer = new Computer();
	computer.setComputerSettings(computerSettings);
	
	//Send the changes to Deep Security Manager
	ComputersApi computersApi = new ComputersApi();
	try {
		overriddenComputer = computersApi.modifyComputer(computerId, computer, true, "v1");
	} catch (ApiException e) {
		e.printStackTrace();
	}				
	return overriddenComputer;
}
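
The null-ID check from Discover overrides, combined with the reconnaissance scan setting used above, gives a per-computer drift check. This is an added example, not code from the original page: the OverrideAudit class, the Finding enum, the getters (assumed to mirror the setters shown on this page), and the SDK package names in the imports are assumptions. It also assumes that ComputersApi is already configured with the Manager address and an API key.

```java
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputersApi;
import com.trendmicro.deepsecurity.model.Computer;
import com.trendmicro.deepsecurity.model.ComputerSettings;
import com.trendmicro.deepsecurity.model.SettingValue;

// Hypothetical helper class (not part of the SDK)
public class OverrideAudit {

	/* Possible outcomes of checking one computer. */
	public enum Finding {
		NO_OVERRIDES, SETTING_INHERITED, OVERRIDE_ENABLED, OVERRIDE_DISABLED, LOOKUP_FAILED
	}

	/*
	 * Reports whether a computer overrides its policy's reconnaissance scan setting.
	 * @param computerId The ID of the computer to check.
	 * @return A Finding that separates "no overrides" from "lookup failed".
	 */
	public static Finding checkReconnaissanceOverride(Integer computerId) {
		ComputersApi computersApi = new ComputersApi();
		Computer overrides;
		try {
			//With overrides set to true, only overridden properties are populated
			overrides = computersApi.describeComputer(computerId, true, "v1");
		} catch (ApiException e) {
			//A failed call must not be reported as "no overrides"
			return Finding.LOOKUP_FAILED;
		}
		//A null ID means that the computer has no overrides at all
		if (overrides == null || overrides.getID() == null) {
			return Finding.NO_OVERRIDES;
		}
		//A null setting means that the value is inherited from the policy
		ComputerSettings settings = overrides.getComputerSettings();
		SettingValue recon = (settings == null)
				? null : settings.getFirewallSettingReconnaissanceEnabled();
		if (recon == null || recon.getValue() == null) {
			return Finding.SETTING_INHERITED;
		}
		//Setting values are strings such as "true" and "false"
		return Boolean.parseBoolean(recon.getValue())
				? Finding.OVERRIDE_ENABLED : Finding.OVERRIDE_DISABLED;
	}
}
```

An OVERRIDE_DISABLED result marks a computer where the scan detection has been turned off locally regardless of what its policy specifies.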