Configure Computers to Override Policies

Discover overrides that have been configured for a computer, and configure a computer to override the behavior of security modules as configured by the computer’s policy.

Override a policy setting on a computer only when you are certain that the override is unique for that computer. As much as possible, you should use policies to configure security and avoid overrides:

  • Policies can be assigned to multiple computers, so you can re-use configuration work.
  • Policies are more easily managed than computer overrides.

Discover overrides

To discover the overrides that are configured for a computer, use any method or function that returns the computer with the overrides parameter set to true. As described in About the overrides parameter, the Computer object that is returned contains values only for the properties that are overrides. All other property values are null.

All properties of a Computer object can be overridden, except for the name and description.

When there are no overrides, all properties of the object are null. Check for a null ID to quickly determine if there are no overrides.

The following example gets the overrides for a computer:

Python

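def get_computer_overrides(api, configuration, api_version, expand, computer_id):
    # api is the imported SDK module; configuration holds the connection settings
    # Get the Computer object with overrides set to True
    computers_api = api.ComputersApi(api.ApiClient(configuration))

    return computers_api.describe_computer(computer_id, api_version, expand=expand.list(), overrides=True)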

JavaScript

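function getComputerOverrides(api, expand, computerID, apiVersion) {
  const computersApi = new api.ComputersApi();
  // Set the overrides option to true
  const opts = {
    overrides: true,
    expand: expand.list()
  };
  return computersApi.describeComputer(computerID, apiVersion, opts);
}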

Java

ComputersApi computersApi = new ComputersApi();

// Set the overrides parameter to true
return computersApi.describeComputer(computerId, expand.list(), Boolean.TRUE, apiVersion);
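
The following added example (not from the original page or the SDK) shows one way to audit the result of an overrides query: it applies the null-ID check, lists every non-null property, and reports the overrides that are not on a list of approved exceptions. It assumes the Computer has been converted to a plain dict that uses the Python attribute names; the `approved` map, the `id` key, and every field name other than `firewall_setting_reconnaissance_enabled` are constructed for illustration.

```python
def list_overrides(obj, prefix=""):
    """Flatten a Computer dict fetched with overrides=True into
    {dotted.path: value}, skipping every null property."""
    found = {}
    for key, value in obj.items():
        path = prefix + key
        if value is None:
            continue  # null: the value is inherited from the policy
        if isinstance(value, dict):
            if set(value) == {"value"}:  # SettingValue leaf
                if value["value"] is not None:
                    found[path] = value["value"]
            else:
                found.update(list_overrides(value, path + "."))
        else:
            found[path] = value
    return found


def audit_overrides(computer, approved):
    """Return the overrides that are missing from, or differ from, the
    approved map (hypothetical local record: dotted path -> value)."""
    if computer.get("id") is None:  # null ID: no overrides at all
        return {}
    overrides = list_overrides(computer)
    overrides.pop("id", None)  # identifier, not a setting
    return {p: v for p, v in overrides.items() if approved.get(p) != v}


# Constructed sample data (assumed dict form of two override responses)
NO_OVERRIDES = {"id": None, "policy_id": None, "computer_settings": None}
WITH_OVERRIDES = {
    "id": 42,
    "policy_id": None,
    "computer_settings": {
        "firewall_setting_reconnaissance_enabled": {"value": "false"},
    },
    "firewall": {"state": "off", "rule_ids": None},
}

if __name__ == "__main__":
    approved = {"firewall.state": "off"}
    for path, value in audit_overrides(WITH_OVERRIDES, approved).items():
        print(f"unapproved override: {path} = {value}")
```

Run on a schedule, a check like this surfaces per-computer exceptions, such as reconnaissance scan detection being turned off on one host, that would otherwise stay hidden behind the assigned policy.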

Configure computer overrides

The following types of classes provide access to the properties that you can override:

  • Classes that represent computer-level extensions of a protection module, such as FirewallComputerExtension. These classes control the behavior of protection modules for a computer and override the settings of the policy-level extension classes such as FirewallPolicyExtension.
  • The ComputerSettings class provides access to protection module settings that are applied at the computer level. This class overrides the settings of the PolicySettings class of the computer’s policy.
    For a list of computer settings, see Default policy, policy, and computer settings in the Settings Reference.

For more information about the policy-level configuration classes, such as FirewallPolicyExtension and PolicySettings, see the following guides:

Use the following general steps to configure an override for a computer:

  1. Create a computer-level extension object for a protection module and configure the settings to override.
  2. Create a ComputerSettings object and configure the settings to override. To set the value of a setting, create a SettingValue object, set the value (all values are strings), and add it to the ComputerSettings object. When settings accept one value from a list of choices, you can either use the ID of the choice or the exact wording of the choice as it appears in the Deep Security Manager console.
  3. Add the computer-level extension object and ComputerSettings object to a Computer object.
  4. Use ComputersApi to modify the computer on Deep Security Manager.

The following example overrides reconnaissance scans for a computer:

Python

def override_reconnaissance_scan(api, configuration, api_version, api_exception, computer_id):
    # Set the Reconnaissance Scan value
    setting_value = api.SettingValue()
    setting_value.value = "false"

    # Add the SettingValue to a ComputerSettings object
    computer_settings = api.ComputerSettings()
    computer_settings.firewall_setting_reconnaissance_enabled = setting_value

    # Add the ComputerSettings object to a Computer object
    computer = api.Computer()
    computer.computer_settings = computer_settings

    try:
        # Apply the override to the computer
        computers_api = api.ComputersApi(api.ApiClient(configuration))

        return computers_api.modify_computer(computer_id, computer, api_version, overrides=True)

    except api_exception as e:
        return "Exception: " + str(e)

JavaScript

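function overrideReconnaissanceScan(api, computerID, apiVersion) {
  // Set the Reconnaissance Scan value
  const settingValue = new api.SettingValue();
  settingValue.value = "false";

  // Add the SettingValue to a ComputerSettings object
  const computerSettings = new api.ComputerSettings();
  computerSettings.firewallSettingReconnaissanceEnabled = settingValue;

  // Add the ComputerSettings object to a Computer object
  const computer = new api.Computer();
  computer.computerSettings = computerSettings;

  // Apply the override; the promise resolves with the computer's overridden settings
  const computersApi = new api.ComputersApi();
  return computersApi
    .modifyComputer(computerID, computer, apiVersion, { overrides: true })
    .then(modifiedComputer => modifiedComputer.computerSettings);
}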

Java

// Turn on Reconnaissance Scan
ComputerSettings computerSettings = new ComputerSettings();
SettingValue settingValue = new SettingValue();
settingValue.setValue("true");
computerSettings.setFirewallSettingReconnaissanceEnabled(settingValue);

// Add to a computer object
Computer computer = new Computer();
computer.setComputerSettings(computerSettings);

// Update on Deep Security Manager
ComputersApi computersApi = new ComputersApi();
computer = computersApi.modifyComputer(computerId, computer, Boolean.TRUE, apiVersion);

Rule overrides

A rule that is applied to a computer is considered an override when the rule has been modified at the computer level to be different than the original rule.

Simply assigning a rule to a computer is not considered an override:

  • When a rule is assigned to a computer and the rule is not assigned to the computer’s policy, the rule is not considered an override.
  • When a rule is assigned to a computer’s policy and the same rule is applied to the computer and is unchanged, the rule is not considered an override.