Apply Recommendations

The API provides access to the results of recommendation scans that have been performed on a computer for the integrity monitoring, intrusion prevention, and log inspection modules. Use a ComputerIntrusionPreventionRuleAssignmentsRecommendationsApi object to obtain an IntrusionPreventionAssignments object for a computer. The IntrusionPreventionAssignments object contains the recommendations for that computer:

  • Recommended rules to assign and unassign
  • Scan status
  • When the last scan occurred

After you obtain the rule recommendations, you can apply them to computer policies, as illustrated in the Add intrusion prevention rules to computers’ policies example.

When no recommendation scan has been performed on a computer, ComputerIntrusionPreventionRuleAssignmentsRecommendationsApi returns null for the rule IDs and for the time of the last scan.

Similar classes are provided for the integrity monitoring and log inspection modules:

  • ComputerIntegrityMonitoringRuleAssignmentsRecommendationsApi and IntegrityMonitoringAssignments
  • ComputerLogInspectionRuleAssignmentsRecommendationsApi and LogInspectionAssignments

The following example obtains the recommendations for Intrusion Prevention for a computer.

Python

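# api, configuration, api_version, api_exception and computer_id are supplied by the caller
def get_intrusion_prevention_recommendations(api, configuration, api_version, api_exception, computer_id):
    # Obtains the rule IDs that the recommendation scan recommends assigning
    ip_recommendations_api = api.ComputerIntrusionPreventionRuleAssignmentsRecommendationsApi(api.ApiClient(configuration))
    ip_assignments = None

    try:
        ip_assignments = ip_recommendations_api.list_intrusion_prevention_rule_ids_on_computer(computer_id, api_version, overrides=False)
        # None when no recommendation scan has been performed on the computer
        return ip_assignments.recommended_to_assign_rule_ids

    except api_exception as e:
        return "Exception: " + str(e)

JavaScript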

// api, computerID and apiVersion are supplied by the caller
const getRecommendedRuleIDs = (api, computerID, apiVersion) =>
  new Promise((resolve, reject) => {
    // Obtains the results of the recommendation scan
    const getRecommendations = () => {
      const ipRecosApi = new api.ComputerIntrusionPreventionRuleAssignmentsRecommendationsApi();
      return ipRecosApi.listIntrusionPreventionRuleIDsOnComputer(computerID, apiVersion, { overrides: false });
    };

    getRecommendations()
      .then(ipAssignments => {
        // Resolve the recommended rules
        resolve(ipAssignments.recommendedToAssignRuleIDs);
      })
      .catch(error => {
        reject(error);
      });
  });

Java

// Obtains the results of the recommendation scan for the computer
ComputerIntrusionPreventionRuleAssignmentsRecommendationsApi ipRecosApi = new ComputerIntrusionPreventionRuleAssignmentsRecommendationsApi();
IntrusionPreventionAssignments ipAssignments = null;
ipAssignments = ipRecosApi.listIntrusionPreventionRuleIDsOnComputer(computerID, Boolean.FALSE, apiVersion);

For information about authenticating API calls, see Authenticate with Deep Security Manager.
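
The null results for an unscanned computer and the last-scan time described above matter when recommendations are applied automatically. The following is an added example, not code from the original page or the SDK: it turns an assignments object into the rule IDs to add and remove, and refuses to act on missing or old scan data. It runs on constructed stand-in objects instead of live API responses; the attribute names other than recommended_to_assign_rule_ids, the epoch-millisecond scan date, and the 7-day max_age threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone
from types import SimpleNamespace


def plan_rule_changes(ip_assignments, now, max_age=timedelta(days=7)):
    """Return (rule IDs to add, rule IDs to remove), or raise if scan data is unusable."""
    # Attribute names below are assumed to follow the SDK's snake_case model.
    last_scan_ms = ip_assignments.last_recommendation_scan_date
    to_assign = ip_assignments.recommended_to_assign_rule_ids
    to_unassign = ip_assignments.recommended_to_unassign_rule_ids

    # No scan has run: the values are None rather than empty lists.
    # Treating None as "nothing to change" would hide an unscanned computer.
    if last_scan_ms is None or to_assign is None:
        raise LookupError("no recommendation scan has been performed")

    # Assumption: the scan date is expressed in milliseconds since the epoch.
    last_scan = datetime.fromtimestamp(last_scan_ms / 1000, tz=timezone.utc)
    if now - last_scan > max_age:
        raise ValueError(f"recommendation scan is stale (last run {last_scan:%Y-%m-%d})")

    assigned = set(ip_assignments.assigned_rule_ids or [])
    add = set(to_assign) - assigned             # recommended but not yet assigned
    remove = set(to_unassign or []) & assigned  # assigned but no longer recommended
    return sorted(add), sorted(remove)


# Constructed sample data standing in for API responses.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
SCANNED = SimpleNamespace(
    assigned_rule_ids=[100, 200],
    recommended_to_assign_rule_ids=[200, 300, 400],
    recommended_to_unassign_rule_ids=[100, 999],
    last_recommendation_scan_date=int(
        datetime(2024, 1, 8, tzinfo=timezone.utc).timestamp() * 1000),
)
NEVER_SCANNED = SimpleNamespace(
    assigned_rule_ids=[100],
    recommended_to_assign_rule_ids=None,
    recommended_to_unassign_rule_ids=None,
    last_recommendation_scan_date=None,
)

if __name__ == "__main__":
    print(plan_rule_changes(SCANNED, NOW))
    try:
        plan_rule_changes(NEVER_SCANNED, NOW)
    except LookupError as e:
        print("skipped:", e)
```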