Configure Application Control for a Policy
Configure the Application Control module to define its behavior for a policy. Generally, use the following steps to configure the module:
- Create an
ApplicationControlPolicyExtensionobject and add the Ruleset IDs to use. Also configure the running state (on or off). - Create an
PolicySettingsobject to configure runtime settings of the module. - Create a
Policyobject and add theApplicationControlPolicyExtensionandPolicySettingsobjects. - Use a
PoliciesApiobject to add or update the policy on Deep Security Manager.
For more information about Deep Security application control, see Deep Security Help Center.
Example: Turn on application control
The following example code creates an ApplicationControlPolicyExtension object and turns on application control. The object is added to a Policy object which is used to modify a policy on Deep Security Manager.
Python
def configure_application_control(api, configuration, api_version, api_exception, policy_id):
""" Modifies a policy to set the application control state to on.
:param api: The Deep Security API modules.
:param configuration: Configuration object to pass to the api client.
:param api_version: The version of the API to use.
:param api_exception: The Deep Security API exception module.
:param policy_id: The ID of the policy to modify.
:return: A PoliciesApi object that contains the ID of the modified policy.
"""
# Get the policy
policies_api = api.PoliciesApi(api.ApiClient(configuration))
# Turn on Application Control
application_control_policy_extension = api.ApplicationControlPolicyExtension()
application_control_policy_extension.state = "on"
# Update the policy
update_policy = api.Policy()
update_policy.application_control = application_control_policy_extension
# Modify the policy on Deep Security Manager
app_control_policy = policies_api.modify_policy(policy_id, update_policy, api_version, overrides=False)
return app_control_policy
JavaScript
/*
* Modifies a policy to set the Application Control state to ON.
* @param {ApiClient} api The Deep Security API exports.
* @param {String} policyID The ID of the policy to modify.
* @param {String} apiVersion The API version to use.
* @returns {Promise} A promise object that resolves to the ID of the modified policy.
*/
exports.configureApplicationControl = function (api, policyID, apiVersion) {
return new Promise((resolve, reject) => {
const policy = new api.Policy();
const policiesApi = new api.PoliciesApi();
const appControlPolicyExtension = new api.ApplicationControlPolicyExtension();
// Turn on application control
appControlPolicyExtension.state =
api.ApplicationControlPolicyExtension.StateEnum.on;
// Add to the policy
policy.applicationControl = appControlPolicyExtension;
// Send the change to Deep Security Manager
policiesApi.modifyPolicy(policyID, policy, apiVersion, { overrides: false })
.then(data => {
resolve(data);
})
.catch(function(error) {
reject(error);
});
});
};
Java
/*
* Turns on the Application Control module for a policy.
* @param policyId The ID of the policy to modify.
* @param dsmClient The ApiClient for the Deep Security Manager.
*/
public static void configureApplicationControl(Integer policyId){
// Get the policy to modify
PoliciesApi policiesApi = new PoliciesApi();
// Turn on ApplicationControl
ApplicationControlPolicyExtension appControlPolicyExtension = new ApplicationControlPolicyExtension();
appControlPolicyExtension.setState(ApplicationControlPolicyExtension.StateEnum.ON);
// Update the policy
Policy updatePolicy = new Policy();
updatePolicy.setApplicationControl(appControlPolicyExtension);
try {
// Update the policy on Deep Security Manager
policiesApi.modifyPolicy(policyId, updatePolicy, false, "v1");
} catch (ApiException e) {
e.printStackTrace();
}
}
Also see the Modify a Policy operation in the API Reference. For information about authenticating API calls, see Authenticate with Deep Security Manager.