Configure Application Control for a Policy

Configure the Application Control module to define its behavior for a policy. Generally, use the following steps to configure the module:

  1. Create an ApplicationControlPolicyExtension object and add the Ruleset IDs to use. Also configure the running state (on or off).
  2. Create an PolicySettings object to configure runtime settings of the module.
  3. Create a Policy object and add the ApplicationControlPolicyExtension and PolicySettings objects.
  4. Use a PoliciesApi object to add or update the policy on Deep Security Manager.

For more information about Deep Security application control, see Deep Security Help Center.

Example: Turn on application control

The following example code creates an ApplicationControlPolicyExtension object and turns on application control. The object is added to a Policy object which is used to modify a policy on Deep Security Manager.

Python
def configure_application_control(api, configuration, api_version, api_exception, policy_id):
    """ Modifies a policy to set the application control state to on.

    :param api: The Deep Security API modules.
    :param configuration: Configuration object to pass to the api client.
    :param api_version: The version of the API to use.
    :param api_exception: The Deep Security API exception module.
    :param policy_id: The ID of the policy to modify.
    :return: A PoliciesApi object that contains the ID of the modified policy.
    """

    # Get the policy
    policies_api = api.PoliciesApi(api.ApiClient(configuration))

    # Turn on Application Control
    application_control_policy_extension = api.ApplicationControlPolicyExtension()
    application_control_policy_extension.state = "on"

    # Update the policy
    update_policy = api.Policy()
    update_policy.application_control = application_control_policy_extension

    try:
        # Modify the policy on Deep Security Manager
        app_control_policy = policies_api.modify_policy(policy_id, update_policy, api_version, overrides=False)
        return app_control_policy

    except api_exception as e:
        return "Exception: " + str(e)
JavaScript
/*
 * Modifies a policy to set the Application Control state to ON.
 * @param {ApiClient} api The Deep Security API exports.
 * @param {String} policyID The ID of the policy to modify.
 * @param {String} apiVersion The API version to use.
 * @returns {Promise} A promise object that resolves to the ID of the modified policy.
*/
exports.configureApplicationControl = function (api, policyID, apiVersion) {
  return new Promise((resolve, reject) => {
    const policy = new api.Policy();
    const policiesApi = new api.PoliciesApi();
    const appControlPolicyExtension = new api.ApplicationControlPolicyExtension();

    //Turn on application control
    appControlPolicyExtension.state =
      api.ApplicationControlPolicyExtension.StateEnum.on;

    //Add to the policy
    policy.applicationControl = appControlPolicyExtension;

    //Send the change to Deep Security Manager
    policiesApi.modifyPolicy(policyID, policy, apiVersion, { overrides: false })
      .then(data => {
        resolve(data);
      })
      .catch(function(error) {
        reject(error);
      });
  });
};
Java
/*
 * Turns on the Application Control module for a policy.
 * @param policyId The ID of the policy to modify.
 * @param dsmClient The ApiClient for the Deep Security Manager.
 */
public static void configureApplicationControl(Integer policyId){
  //Get the policy to modify
  PoliciesApi policiesApi = new PoliciesApi(); 
  
  //Turn on ApplicationControl
  ApplicationControlPolicyExtension appControlPolicyExtension = new ApplicationControlPolicyExtension();
  appControlPolicyExtension.setState(ApplicationControlPolicyExtension.StateEnum.ON);
  
  //Update the policy
  Policy updatePolicy = new Policy();
  updatePolicy.setApplicationControl(appControlPolicyExtension);
  try {
    //Update the policy on Deep Security Manager
    policiesApi.modifyPolicy(policyId, updatePolicy, false, "v1");
  } catch (ApiException e) {
    e.printStackTrace();
  }
}
For information about authenticating API calls, see Authenticate with Deep Security Manager.