Configure Settings

It is important that you understand the types of settings, their scope, and how to configure them. Settings control many of the behaviors of protection modules and the Deep Security Manager platform. Therefore, many tasks that you automate using the API require you to configure settings.

Setting classes

The Deep Security SDKs provide several classes for storing settings. These classes are used to pass setting values between Deep Security Manager and SDK or API clients. Each class of settings has different scopes and purposes.

  • DefaultPolicySettings: Control certain behaviors of protection modules for top-level policies. Note that child policies inherit the settings of their parent policy unless they override them. Therefore, a DefaultPolicySettings setting is used by policies down the heirarchy until a policy overrides it.
  • PolicySettings: Control certain behaviors of protection modules at the policy level. These settings override the settings that are inherited from the parent policy or, for top-level policies, override the default policy settings.
  • ComputerSettings: Control certain behaviors of protection modules at the computer level. These settings override the policy settings of the policy that the computer is assigned.
  • SystemSettings: Control certain Deep Security Manager platform behaviors, protection module event severity and retention times, and Firewall connectivity test behaviors. These settings have a global scope and apply to the entire system. You cannot override system settings at the policy or computer level.

The settings of the DefaultPolicySettings, PolicySettings, and ComputerSettings classes are identical, with a few exceptions.

For more information about the policy hierarchy and inheritance, see Policies, inheritance, and overrides in the Deep Security Help Center.

Retrieve settings

The way you retrieve settings from Deep Security Manager depends on the setting class.

  • Default policy settings: Use aPoliciesApi object to get a DefaultPolicySettings object from the manager.
  • Policy settings: Use aPoliciesApi object to get a Policy object for a policy from the manager. Then, get aPolicySettings object from the Policy object.
  • Computer settings: Use aComputersApi object to get a Computer object from the manager. Then, get aComputerSettings object from the Computer object.
  • System settings: Use aSystemSettingsApi object to get a SystemSettings object from the manager.

Example: Get the Firewall network engine mode for a policy

def get_network_engine_mode(api, configuration, api_version, api_exception, policy_id):
    """ Gets the value of the firewall_setting_network_engine_mode property of a policy.

    :param api: The Deep Security API modules.
    :param configuration: Configuration object to pass to the api client.
    :param api_version: The version of the API to use.
    :param api_exception: The Deep Security API exception module.
    :param policy_id: The id of the policy to get the firewall_setting_network_engine_mode value from.
    :return: A string with the firewall_setting_network_engine_mode value.

    # Get the policy details from Deep Security Manager
    policies_api = api.PoliciesApi(api.ApiClient(configuration))

        policy = policies_api.describe_policy(policy_id, api_version, overrides=False)
        policy_settings = policy.policy_settings

        # Get the setting value
        network_engine_mode_value = policy_settings.firewall_setting_network_engine_mode

        return network_engine_mode_value

    except api_exception as e:
        return "Exception: " + str(e)
  * Retrieves the value of the FirewallSettingNetworkEngineMode property of a policy.
  * @param {Object} api The Deep Security API modules.
  * @param {String} policyID The ID of the policy.
  * @param {String} apiVersion The API version to use. 
  * @returns {Promise} A promise that resolves to the property value.
exports.getNetworkEngineMode = function(api, policyID, apiVersion) {
  return new Promise((resolve, reject) => {
    // Get the policy details from Deep Security Manager
    const policiesApi = new api.PoliciesApi();
    policiesApi.describePolicy(policyID, apiVersion, { overrides: false })
    .then( policy => {
      // Resolve the setting value
    .catch(error => {
 * Gets the value of the Network Engine Mode setting for a policy.
 * @param policyID The ID of the policy.
 * @returns A String that contains the setting value.
public static String getNetworkEngineMode(Integer policyID) {
	SettingValue networkEngineModeValue = null;
	PoliciesApi policiesApi = new PoliciesApi();
	try {
		Policy policy = policiesApi.describePolicy(policyID, false, "v1");
		PolicySettings policySettings = policy.getPolicySettings();
		networkEngineModeValue = policySettings.getFirewallSettingNetworkEngineMode();
	} catch (ApiException e) {
	return networkEngineModeValue.getValue();

Configure settings

For each class of settings, you create the settings object and set a value in the same way:

  1. Create a SettingValue object and set the value (all values are strings). When settings accept one value from a list of choices, you can either use the ID of the choice or the exact wording of the choice as it appears in the Deep Security Manager console.
  2. Create an object from the settings class (DefaultPolicySettings, PolicySettings, ComputerSettings, or SystemSettings).
  3. Set the value of the setting to the SettingValue object.

You can configure as many settings as required in the same settings object.

For each class of settings, the way you modify the setting on Deep Security Manager is slightly different:

  • Default policy settings: Use a PoliciesApi object to modify the DefaultPolicySettings object on the manager.
  • Policy settings: Add the PolicySettings object to a Policy object. Then, use the PoliciesApi class to modify the policy on the manager.
  • Computer settings: Add the ComputerSettings object to a Computer object. Then, use a ComputersApi object modify the Computer object on the manager.
  • System settings: Use a SystemSettings object to modify the SystemSettings object on the manager.

Deep Security Manager validates all modified settings before persisting the values. If one or more settings in the object is invalid, none of the modified settings are persisted. The error response includes the reason for each failure.

Deep Security Manager validates setting values one by one without considering possible interdependencies of the settings.

Example: Set the Firewall network engine mode to Inline for a policy

For an example of configuring a system setting, see Example: Set the maximum number of sessions for a user.

def set_network_engine_mode_to_inline(api, configuration, api_version, api_exception, policy_id):
    """ Sets the value of the firewall_setting_network_engine_mode property of a policy.

    :param api: The Deep Security API modules.
    :param configuration: Configuration object to pass to the api client.
    :param api_version: The version of the API to use.
    :param api_exception: The Deep Security API exception module.
    :param policy_id: The id of the policy to get the firewall_setting_network_engine_mode value from.
    :return: A PoliciesApi object with the modified policy.

    # Create a SettingValue object and set the value to either "Inline" or "Tap"
    network_engine_mode_value = api.SettingValue()
    network_engine_mode_value.value = "Inline"
    policies_api = api.PoliciesApi(api.ApiClient(configuration))

        # Create a policy and add the setting value
        policy = policies_api.describe_policy(policy_id, api_version)
        policy_settings = policy.policy_settings
        policy_settings.firewall_setting_network_engine_mode = network_engine_mode_value

        # Modify the policy on the Deep Security Manager.
        return policies_api.modify_policy(policy_id, policy, api_version, overrides=False)

    except api_exception as e:
        return "Exception: " + str(e)
  * Sets the value of the FirewallSettingNetworkEngineMode property of a policy to Inline.
  * @param {Object} api The Deep Security API modules.
  * @param {String} policyID The ID of the policy.
  * @param {String} apiVersion The API version to use. 
  * @returns {Promise} A promise that resolves to the new value of FirewallSettingNetworkEngineMode.
exports.setNetworkEngineModeToInline = function(api, policyID, apiVersion) {
  return new Promise((resolve, reject) => {
    // Setting value
    const networkEngineModeValue = new api.SettingValue();
    networkEngineModeValue.value = "Inline";
    // Set the value of the setting
    const policySettings = new api.PolicySettings();
    policySettings.firewallSettingNetworkEngineMode = networkEngineModeValue;
    // Create a policy and add the setting values
    const policy = new api.Policy();
    policy.policySettings = policySettings;
    // Modify the policy on Deep Security Manager.
    const policiesApi = new api.PoliciesApi();
    policiesApi.modifyPolicy(policyID, policy, apiVersion, { overrides: false })
    .then(returnedPolicy => {
    .catch(error => {
 * Sets the value of the Network Engine Mode setting for a policy.
 * @param policyID The ID of the policy.
public static void setNetworkEngineModeToInline(Integer policyID) {
	//Set the value to either Inline or Tap
	SettingValue networkEngineModeValue = new SettingValue();
	PolicySettings policySettings = new PolicySettings();
	Policy policy = new Policy();
	//Change the setting on Deep Security Manager
	PoliciesApi policiesApi = new PoliciesApi();
	try {
		policiesApi.modifyPolicy(policyID, policy, false, "v1");
	} catch (ApiException e) {

Settings reference

The following tables list the settings that are available in the API with a description.
Setting names are prefixed with platform or the name of the associated protection module. Suffixes can indicate the nature of the setting. For example, the Enabled suffix indicates a Boolean value.

We are continuously adding settings and improving the descriptions, so periodically check for updates.

Default policy, policy, and computer settings

The following table lists the settings that are included in default policy settings, policy settings, and computer settings. Note that these settings are included only in DefaultPolicySettings:

  • antiMalwareSettingState
  • applicationControlSettingState
  • firewallSettingState
  • integrityMonitoringSettingState
  • logInspectionSettingState
  • sapSettingState
  • webReputationSettingState
Setting Description
Anti-Malware Settings
antiMalwareSettingBehaviorMonitoringScanExclusionList Scan Exclusions for Suspicious Activity/Unauthorized Change
antiMalwareSettingCombinedModeProtectionSource Anti-Malware
antiMalwareSettingConnectedThreatDefenseSuspiciousFileDdanSubmissionEnabled Submit files identified as suspicious by Document Exploit Protection scanning to Deep Discovery Analyzer
antiMalwareSettingConnectedThreatDefenseUseControlManagerSuspiciousObjectListEnabled Use Control Manager’s Suspicious Object List
antiMalwareSettingDocumentExploitProtectionRuleExceptions Allowed Advanced Threat Detection Rules
antiMalwareSettingFileHashEnabled Calculate Hash values of all anti-malware events (at least SHA1 by default)
antiMalwareSettingFileHashMd5Enabled MD5
antiMalwareSettingFileHashSha256Enabled SHA256
antiMalwareSettingFileHashSizeMaxMbytes Skip hash values calculation if file size is large than (64MB~512MB)
antiMalwareSettingIdentifiedFilesSpaceMaxMbytes Maximum disk space used to store identified files
antiMalwareSettingMalwareScanMultithreadedProcessingEnabled Use multithreaded processing for Malware scans (if available)
antiMalwareSettingNsxSecurityTaggingEnabled Anti-Malware NSX Security Tagging State
antiMalwareSettingNsxSecurityTaggingOnRemediationFailureEnabled Anti-Malware NSX Only Tag on Failure to Remediate
antiMalwareSettingNsxSecurityTaggingRemoveOnCleanScanEnabled Anti-Malware NSX Remove Tag
antiMalwareSettingNsxSecurityTaggingValue Anti-Malware NSX Security Tag
antiMalwareSettingPredictiveMachineLearningExceptions Predictive Machine Learning Exclusion List
antiMalwareSettingScanCacheOnDemandConfigId Anti-Malware On Demand Scan Cache Configuration
antiMalwareSettingScanCacheRealTimeConfigId Anti-Malware Real-Time Scan Cache Configuration
antiMalwareSettingScanFileSizeMaxMbytes Maximum file size to scan
antiMalwareSettingSmartProtectionGlobalServerEnabled Use Global Smart Protection Service for Smart Scan
antiMalwareSettingSmartProtectionGlobalServerUseProxyEnabled Use Proxy when accessing Smart Protection Service for Smart Scan
antiMalwareSettingSmartProtectionLocalServerAllowOffDomainGlobal When off domain, connect to global Smart Protection Service. (Windows only)
antiMalwareSettingSmartProtectionLocalServerUrls Local Smart Protection Servers for Smart Scan
antiMalwareSettingSmartProtectionServerConnectionLostWarningEnabled Warn if connection to Smart Protection Server is lost
antiMalwareSettingSmartScanState Smart Scan State
antiMalwareSettingSpywareApprovedList Allowed Spyware/Grayware
antiMalwareSettingState (Default policy settings only) Anti-Malware State
antiMalwareSettingSyslogConfigId Anti-Malware Syslog Configuration
antiMalwareSettingVirtualApplianceOnDemandScanCacheEntriesMax Max On-Demand Malware Scan Cache Entries
antiMalwareSettingVirtualApplianceRealTimeScanCacheEntriesMax Max Real-Time Malware Scan Cache Entries
Application Control Settings
applicationControlSettingExecutionEnforcementLevel Enforcement:
applicationControlSettingRulesetMode Ruleset mode:
applicationControlSettingSharedRulesetId Shared Application Control Ruleset
applicationControlSettingState (Default policy settings only) Application Control State
applicationControlSettingSyslogConfigId Application Control Syslog Configuration
Firewall Settings
firewallSettingAntiEvasionCheckEvasiveRetransmit Evasive Retransmit
firewallSettingAntiEvasionCheckFinNoConnection FIN packet out of connection
firewallSettingAntiEvasionCheckFragmentedPackets Fragmented Packets
firewallSettingAntiEvasionCheckOutNoConnection Outgoing packet out of connection
firewallSettingAntiEvasionCheckPaws Invalid TCP Timestamps
firewallSettingAntiEvasionCheckRstNoConnection RST packet out of connection
firewallSettingAntiEvasionCheckTcpChecksum TCP Checksum
firewallSettingAntiEvasionCheckTcpCongestionFlags TCP Congestion Flags
firewallSettingAntiEvasionCheckTcpPawsZero Timestamp PAWS Zero Allowed
firewallSettingAntiEvasionCheckTcpRstFinFlags TCP Rst Fin Flags
firewallSettingAntiEvasionCheckTcpSplitHandshake TCP Split Handshake
firewallSettingAntiEvasionCheckTcpSynFinFlags TCP Syn Fin Flags
firewallSettingAntiEvasionCheckTcpSynRstFlags TCP Syn Rst Flags
firewallSettingAntiEvasionCheckTcpSynWithData TCP Syn with Data
firewallSettingAntiEvasionCheckTcpUrgentFlags TCP Urgent Flags
firewallSettingAntiEvasionCheckTcpZeroFlags TCP Zero Flags
firewallSettingAntiEvasionSecurityPosture Anti-Evasion Posture
firewallSettingAntiEvasionTcpPawsWindowPolicy TCP Timestamp PAWS Window
firewallSettingCombinedModeProtectionSource Firewall
firewallSettingConfigPackageExceedsAlertMaxEnabled Advanced – Generate an Alert when Agent configuration package exceeds maximum size
firewallSettingEngineOptionAckTimeout ACK Storm Timeout
firewallSettingEngineOptionAllowNullIpEnabled Allow Null IP
firewallSettingEngineOptionBlockIpv6Agent8AndEarlierEnabled Advanced – Block IPv6 on Agents and Appliances versions 8 and earlier
firewallSettingEngineOptionBlockIpv6Agent9AndLaterEnabled Advanced – Block IPv6 on Agents and Appliances verions 9 and later
firewallSettingEngineOptionBlockSameSrcDstIpEnabled Block Same Src-Dest IP Address
firewallSettingEngineOptionBootStartTimeout Boot Start Timeout
firewallSettingEngineOptionBypassCiscoWaasConnectionsEnabled Bypass Cisco WAAS Connections
firewallSettingEngineOptionCloseTimeout CLOSED Timeout
firewallSettingEngineOptionCloseWaitTimeout CLOSE_WAIT Timeout
firewallSettingEngineOptionClosingTimeout CLOSING Timeout
firewallSettingEngineOptionColdStartTimeout Cold Start Timeout
firewallSettingEngineOptionConnectionCleanupTimeout Connection Cleanup Timeout
firewallSettingEngineOptionConnectionsCleanupMax Maximum Connections per Cleanup
firewallSettingEngineOptionConnectionsNumIcmpMax Maximum ICMP Connections
firewallSettingEngineOptionConnectionsNumTcpMax Maximum TCP Connections
firewallSettingEngineOptionConnectionsNumUdpMax Maximum UDP Connections
firewallSettingEngineOptionDebugModeEnabled Enable Debug Mode
firewallSettingEngineOptionDebugPacketNumMax Number of Packets to retain in Debug Mode
firewallSettingEngineOptionDisconnectTimeout DISCONNECT Timeout
firewallSettingEngineOptionDrop6To4BogonsAddressesEnabled Drop 6to4 Bogon Addresses
firewallSettingEngineOptionDropEvasiveRetransmitEnabled Drop Evasive Retransmit
firewallSettingEngineOptionDropIpZeroPayloadEnabled Drop IP Packet with Zero Payload
firewallSettingEngineOptionDropIpv6BogonsAddressesEnabled Drop IPv6 Bogon Addresses
firewallSettingEngineOptionDropIpv6ExtType0Enabled Drop IPv6 Extension Type 0
firewallSettingEngineOptionDropIpv6FragmentsLowerThanMinMtuEnabled Drop IPv6 Fragments Lower Than minimum MTU
firewallSettingEngineOptionDropIpv6ReservedAddressesEnabled Drop IPv6 Reserved Addresses
firewallSettingEngineOptionDropIpv6SiteLocalAddressesEnabled Drop IPv6 Site Local Addresses
firewallSettingEngineOptionDropTeredoAnomaliesEnabled Drop Teredo Anomalies
firewallSettingEngineOptionDropUnknownSslProtocolEnabled Drop Unknown SSL Protocol
firewallSettingEngineOptionErrorTimeout ERROR Timeout
firewallSettingEngineOptionEstablishedTimeout ESTABLISHED Timeout
firewallSettingEngineOptionEventNodesMax Number of Event Nodes
firewallSettingEngineOptionFilterIpv4Tunnels Filter IPv4 Tunnels
firewallSettingEngineOptionFilterIpv6Tunnels Filter IPv6 Tunnels
firewallSettingEngineOptionFinWait1Timeout FIN_WAIT1 Timeout
firewallSettingEngineOptionForceAllowDhcpDns Force Allow DHCP DNS
firewallSettingEngineOptionForceAllowIcmpType3Code4 Force Allow ICMP type3 code4
firewallSettingEngineOptionFragmentOffsetMin Minimum Fragment Offset
firewallSettingEngineOptionFragmentSizeMin Minimum Fragment Size
firewallSettingEngineOptionGenerateConnectionEventsIcmpEnabled Generate Connection Events for ICMP
firewallSettingEngineOptionGenerateConnectionEventsTcpEnabled Generate Connection Events for TCP
firewallSettingEngineOptionGenerateConnectionEventsUdpEnabled Generate Connection Events for UDP
firewallSettingEngineOptionIcmpTimeout ICMP Timeout
firewallSettingEngineOptionIgnoreStatusCode0 Ignore Status Code
firewallSettingEngineOptionIgnoreStatusCode1 Ignore Status Code
firewallSettingEngineOptionIgnoreStatusCode2 Ignore Status Code
firewallSettingEngineOptionLastAckTimeout LAST_ACK Timeout
firewallSettingEngineOptionLogAllPacketDataEnabled Log All Packet Data
firewallSettingEngineOptionLogEventsPerSecondMax Maximum Events Per Second
firewallSettingEngineOptionLogOnePacketPeriod Period for Log only one packet within period
firewallSettingEngineOptionLogOnePacketWithinPeriodEnabled Log only one packet within period
firewallSettingEngineOptionLogPacketLengthMax Maximum data size to store when packet data is captured
firewallSettingEngineOptionLoggingPolicy Advanced Logging Policy
firewallSettingEngineOptionSilentTcpConnectionDropEnabled Silent TCP Connection Drop
firewallSettingEngineOptionSslSessionSize SSL Session Size
firewallSettingEngineOptionSslSessionTime SSL Session Time
firewallSettingEngineOptionStrictTerodoPortCheckEnabled Strict Teredo Port Check
firewallSettingEngineOptionSynRcvdTimeout SYN_RCVD Timeout
firewallSettingEngineOptionSynSentTimeout SYN_SENT Timeout
firewallSettingEngineOptionTcpMssLimit TCP MSS Limit
firewallSettingEngineOptionTunnelDepthMax Maximum Tunnel Depth
firewallSettingEngineOptionTunnelDepthMaxExceededAction Action if Maximum Tunnel Depth Exceeded
firewallSettingEngineOptionUdpTimeout UDP Timeout
firewallSettingEngineOptionVerifyTcpChecksumEnabled Verify TCP Checksum
firewallSettingEngineOptionsEnabled Use custom driver settings
firewallSettingEventLogFileCachedEntriesLifeTime Cache Lifetime
firewallSettingEventLogFileCachedEntriesNum Cache Size
firewallSettingEventLogFileCachedEntriesStaleTime Cache Stale time
firewallSettingEventLogFileIgnoreSourceIpListId Do not record events with source IP of
firewallSettingEventLogFileRetainNum Number of event log files to retain (on Agent/Appliance)
firewallSettingEventLogFileSizeMax Maximum size of the event log files (on Agent/Appliance)
firewallSettingEventsOutOfAllowedPolicyEnabled Generate Firewall Events for packets that are ‘Out Of Allowed Policy’
firewallSettingFailureResponseEngineSystem Network Engine System Failure
firewallSettingFailureResponsePacketSanityCheck Network Packet Sanity Check Failure
firewallSettingInterfaceIsolationEnabled Enable Interface Isolation
firewallSettingInterfaceLimitOneActiveEnabled Limit to one active interface
firewallSettingInterfacePatterns Interface Patterns
firewallSettingNetworkEngineMode Network Engine Mode
firewallSettingReconnaissanceBlockFingerprintProbeDuration Computer OS Fingerprint Probe – Block Traffic
firewallSettingReconnaissanceBlockNetworkOrPortScanDuration Network or Port Scan – Block Traffic
firewallSettingReconnaissanceBlockTcpNullScanDuration TCP Null Scan – Block Traffic
firewallSettingReconnaissanceBlockTcpSynFinScanDuration TCP SYNFIN Scan – Block Traffic
firewallSettingReconnaissanceBlockTcpXmasAttackDuration TCP Xmas Scan – Block Traffic
firewallSettingReconnaissanceDetectFingerprintProbeEnabled Computer OS Fingerprint Probe – Enabled
firewallSettingReconnaissanceDetectNetworkOrPortScanEnabled Network or Port Scan – Enabled
firewallSettingReconnaissanceDetectTcpNullScanEnabled TCP Null Scan – Enabled
firewallSettingReconnaissanceDetectTcpSynFinScanEnabled TCP SYNFIN Scan – Enabled
firewallSettingReconnaissanceDetectTcpXmasAttackEnabled TCP Xmas Scan – Enabled
firewallSettingReconnaissanceEnabled Reconnaissance Scan Detection – Enabled
firewallSettingReconnaissanceExcludeIpListId Reconnaissance Scan Detection – Do not perform detection on traffic coming from
firewallSettingReconnaissanceIncludeIpListId Reconnaissance Scan Detection – Computers/Networks on which to perform detection
firewallSettingReconnaissanceNotifyFingerprintProbeEnabled Computer OS Fingerprint Probe – Notify DSM Immediately
firewallSettingReconnaissanceNotifyNetworkOrPortScanEnabled Network or Port Scan – Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpNullScanEnabled TCP Null Scan – Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpSynFinScanEnabled TCP SYNFIN Scan – Notify DSM Immediately
firewallSettingReconnaissanceNotifyTcpXmasAttackEnabled TCP Xmas Scan – Notify DSM Immediately
firewallSettingState (Default policy settings only) Firewall State
firewallSettingVirtualAndContainerNetworkScanEnabled Scan container network traffic
Integrity Monitoring Settings
integrityMonitoringSettingAutoApplyRecommendationsEnabled Automatically assign/unassign recommended Integrity Monitoring Rules to Computer during Recommendation Scans
integrityMonitoringSettingCombinedModeProtectionSource Integrity Monitoring
integrityMonitoringSettingContentHashAlgorithm Integrity Monitoring Hash Algorithm
integrityMonitoringSettingCpuUsageLevel Integrity Monitoring CPU Usage Level:
integrityMonitoringSettingScanCacheConfigId Integrity Scan Cache Configuration:
integrityMonitoringSettingState (Default policy settings only) Integrity Monitoring State
integrityMonitoringSettingSyslogConfigId Integrity Monitoring Syslog Configuration
integrityMonitoringSettingVirtualApplianceOptimizationScanCacheEntriesMax Max Integrity Monitoring Scan Cache Entries
Intrusion Prevention Settings
intrusionPreventionSettingAutoApplyRecommendationsEnabled Automatically implement Recommendations
intrusionPreventionSettingCombinedModeProtectionSource Intrusion Prevention
intrusionPreventionSettingEngineOptionFragmentedIpKeepMax Maximum number of fragmented IP packets to keep
intrusionPreventionSettingEngineOptionFragmentedIpPacketSendIcmpEnabled Send ICMP to indicate fragmented packet timeout exceeded
intrusionPreventionSettingEngineOptionFragmentedIpTimeout Fragment Timeout
intrusionPreventionSettingEngineOptionFragmentedIpUnconcernedMacAddressBypassEnabled Bypass MAC addresses that don’t belong to host
intrusionPreventionSettingEngineOptionsEnabled Use custom driver settings
intrusionPreventionSettingLogDataRuleFirstMatchEnabled Allow Intrusion Prevention Rules to capture data for first hit of each rule (in period)
intrusionPreventionSettingNsxSecurityTaggingDetectModeLevel Detect Mode
intrusionPreventionSettingNsxSecurityTaggingPreventModeLevel Prevent Mode
intrusionPreventionSettingVirtualAndContainerNetworkScanEnabled Scan container network traffic
Log Inspection Settings
logInspectionSettingAutoApplyRecommendationsEnabled Automatically assign/unassign recommended Log Inspection Rules to Computer during Recommendation Scans
logInspectionSettingSeverityClippingAgentEventSendSyslogLevelMin Send Agent/Appliance events to syslog when they equal or exceed the following severity level
logInspectionSettingSeverityClippingAgentEventStoreLevelMin Store events at the Agent/Appliance for later retrieval by DSM when they equal or exceed the following severity level
logInspectionSettingState (Default policy settings only) Log Inspection State
logInspectionSettingSyslogConfigId Log Inspection Syslog Configuration
Platform Settings
platformSettingAutoUpdateAntiMalwareEngineEnabled Automatically update anti-malware engine
platformSettingCombinedModeNetworkGroupProtectionSource Network Combined Mode Affinity
platformSettingRelayState Relay State
platformSettingSmartProtectionAntiMalwareGlobalServerProxyId Use Proxy when accessing Smart Protection Service for Smart Scan
SAP Settings
sapSettingState (Default policy settings only) Configuration
Web Reputation Settings
webReputationSettingAlertingEnabled Alert
webReputationSettingAllowedUrlDomains Allowed Domain URLs
webReputationSettingAllowedUrls Allowed Page URLs
webReputationSettingBlockedUrlDomains Blocked Domain URLs
webReputationSettingBlockedUrlKeywords Blocked Keywords
webReputationSettingBlockedUrls Blocked Page URLs
webReputationSettingBlockingPageLink Blocked Page Link
webReputationSettingCombinedModeProtectionSource Web Reputation
webReputationSettingMonitorPortListId Ports to monitor
webReputationSettingSecurityBlockUntestedPagesEnabled Block Untested Pages
webReputationSettingSecurityLevel Security Level
webReputationSettingSmartProtectionGlobalServerUseProxyEnabled Use Proxy when accessing Smart Protection Service for Web Reputation
webReputationSettingSmartProtectionLocalServerAllowOffDomainGlobal When off domain, connect to global Smart Protection Service. (Windows only)
webReputationSettingSmartProtectionLocalServerEnabled Use Local Smart Protection Server for Web Reputation Service
webReputationSettingSmartProtectionLocalServerUrls Local Smart Protection Servers for Web Reputation
webReputationSettingSmartProtectionServerConnectionLostWarningEnabled Warn if connection to Smart Protection Server is lost
webReputationSettingSmartProtectionWebReputationGlobalServerProxyId Use Proxy when accessing Smart Protection Service for Web Reputation
webReputationSettingState (Default policy settings only) Web Reputation State
webReputationSettingSyslogConfigId Web Reputation Syslog Configuration

System settings

Setting Description
Anti-Malware Settings
antiMalwareSettingEventEmailBodyTemplate Email Template
antiMalwareSettingEventEmailEnabled Anti-Malware Email Notifications Enabled
antiMalwareSettingEventEmailRecipients Email Recipients
antiMalwareSettingEventEmailSubject Email Subject Text
antiMalwareSettingRetainEventDuration Automatically delete Anti-Malware Events older than
Application Control Settings
applicationControlSettingRetainEventDuration Automatically delete Application Control Events older than
applicationControlSettingServeRulesetsFromRelaysEnabled Serve application control rulesets from relays
Firewall Settings
firewallSettingEventRankSeverityDeny Deny
firewallSettingEventRankSeverityLogOnly Log Only
firewallSettingEventRankSeverityPacketRejection Packet Rejection
firewallSettingGlobalStatefulConfigId Global Firewall Stateful Configuration
firewallSettingInternetConnectivityTestExpectedContentRegex Regular Expression for returned content used to confirm Connectivity
firewallSettingInternetConnectivityTestInterval Test Interval
firewallSettingInternetConnectivityTestUrl URL for testing Internet Connectivity Status
firewallSettingIntranetConnectivityTestExpectedContentRegex Regular Expression for returned content used to confirm Intranet Connectivity
firewallSettingIntranetConnectivityTestUrl URL for testing Intranet Connectivity Status
firewallSettingRetainEventDuration Automatically delete Firewall Events older than
Integrity Monitoring Settings
integrityMonitoringSettingEventRankSeverityCritical Critical
integrityMonitoringSettingEventRankSeverityHigh High
integrityMonitoringSettingEventRankSeverityLow Low
integrityMonitoringSettingEventRankSeverityMedium Medium
integrityMonitoringSettingRetainEventDuration Automatically delete Integrity Monitoring Events older than
Intrusion Prevention Settings
intrusionPreventionSettingEventRankSeverityFilterCritical Critical
intrusionPreventionSettingEventRankSeverityFilterError Error
intrusionPreventionSettingEventRankSeverityFilterHigh High
intrusionPreventionSettingEventRankSeverityFilterLow Low
intrusionPreventionSettingEventRankSeverityFilterMedium Medium
intrusionPreventionSettingRetainEventDuration Automatically delete Intrusion Prevention Events older than
Log Inspection Settings
logInspectionSettingEventRankSeverityCritical Critical
logInspectionSettingEventRankSeverityHigh High
logInspectionSettingEventRankSeverityLow Low
logInspectionSettingEventRankSeverityMedium Medium
logInspectionSettingRetainEventDuration Automatically delete Log Inspection Events older than
Platform Settings
platformSettingActiveSessionsMax Number of concurrent sessions allowed per User
platformSettingActiveSessionsMaxExceededAction Action when concurrent session limit is exceeded
platformSettingDdanAutoSubmissionEnabled Enable automatic file submission
platformSettingDdanManualSourceApiKey API Key
platformSettingDdanManualSourceServerUrl Server URL (ex: “https://[server]/”)
platformSettingDdanProxyId Use Proxy when accessing Deep Discovery Analyzer
platformSettingDdanSourceOption Deep Discovery Analyzer Source
platformSettingDdanSubmissionEnabled Enable submission of suspicious files to Deep Discovery Analyzer
platformSettingDdanUseProxyEnabled When accessing Deep Discovery Analyzer, use proxy:
platformSettingPrimaryTenantAllowTenantAddVmwareVcenterEnabled Allow Tenants to add VMware vCenters
platformSettingPrimaryTenantAllowTenantConfigureSiemEnabled Allow Tenants to configure SIEM settings (If not checked, all Tenants use the settings located on the SIEM tab for ALL event types and syslog is relayed via the Manager)
platformSettingPrimaryTenantAllowTenantConfigureSnmpEnabled Allow Tenants to configure SNMP settings
platformSettingPrimaryTenantAllowTenantConfigureSnsEnabled Allow Tenants to configure SNS settings
platformSettingPrimaryTenantAllowTenantControlImpersonationEnabled Allow Tenants to control access from the Primary Tenant
platformSettingPrimaryTenantAllowTenantRunComputerDiscoveryEnabled Allow Tenants to run “Computer Discovery” (directly and as a Scheduled Task)
platformSettingPrimaryTenantAllowTenantRunPortScanEnabled Allow Tenants to run “Port Scan” (directly and as a Scheduled Task)
platformSettingPrimaryTenantAllowTenantSyncWithCloudAccountEnabled Allow Tenants to add with Cloud Accounts
platformSettingPrimaryTenantAllowTenantSynchronizeLdapDirectoriesEnabled Allow Tenants to synchronize with LDAP Directories
platformSettingPrimaryTenantAllowTenantUseDefaultRelayGroupEnabled Allow Tenants to use the Relays in my “Default Relay Group”
platformSettingPrimaryTenantAllowTenantUseScheduledRunScriptTaskEnabled Allow Tenants to use the “Run Script” Scheduled Task
platformSettingPrimaryTenantLockAndHideTenantDataPrivacyOptionEnabled Data Privacy options on the “Agents” Tab
platformSettingPrimaryTenantLockAndHideTenantSmtpTabEnabled All options on the “SMTP” Tab
platformSettingPrimaryTenantLockAndHideTenantStorageTabEnabled All options on the “Storage” Tab
platformSettingPrimaryTenantShareConnectedThreatDefensesEnabled Allow Tenants to use the Primary Tenant’s Trend Micro Control Manager and Deep Discovery Analyzer Server settings.
platformSettingPrimaryTenantShareManagedDetectResponsesEnabled Allow Tenants to use Primary Tenant’s Managed Detection and Response settings.
platformSettingRetainServerLogDuration Automatically delete Server Logs older than
platformSettingRetainSystemEventDuration Automatically delete System Events older than
platformSettingSyslogConfigId Forward System Events to a remote computer (via Syslog) using configuration
platformSettingTenantAllowImpersonationByPrimaryTenantEnabled Allow Primary Tenant access to my Deep Security Environment
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantEnabled Automatically revoke Primary Tenant access after
platformSettingTenantAutoRevokeImpersonationByPrimaryTenantTimeout Automatically revoke Primary Tenant access after
platformSettingTenantUseDefaultRelayGroupFromPrimaryTenantEnabled Use the Primary Tenant Relay Group as my Default Relay Group
Web Reputation Settings
webReputationSettingEventRankRiskBlockedByAdministratorRank Blocked By Administrator
webReputationSettingEventRankRiskDangerous Dangerous
webReputationSettingEventRankRiskHighlySuspicious Highly Suspicious
webReputationSettingEventRankRiskSuspicious Suspicious
webReputationSettingEventRankRiskUntested Untested
webReputationSettingRetainEventDuration Automatically delete Web Reputation Events older than