Tools & utilities that use Deep Security's RESTful API, Ansible and other technologies for automation
[The Deep Security SDK](https://automation.deepsecurity.trendmicro.com/article/fr/python?platform=on-premise)
Choose a "baseline" computer by ID or hostname. The script then checks the difference (Union - Intersection) between the set of rules applied to the baseline computer and the set applied to each other computer that has Intrusion Prevention enabled.
Processing...
Server A | 8 rules difference | Computer Group ID:0
Server B | 9 rules difference | Computer Group ID:0
Server C | 136 rules difference | Computer Group ID:0
Server D | 137 rules difference | Computer Group ID:44522
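The comparison described above, as an added example that is not the repository's own script. It works on a constructed in-memory inventory rather than calling the Deep Security API; the field names, hostnames and rule IDs are assumptions made for illustration. It also splits each difference into rules missing from the computer and rules extra to the baseline.

```python
# Constructed inventory: hostname -> IPS state, group ID, assigned rule IDs.
# Field names, hostnames and rule IDs are made up for this example.
COMPUTERS = {
    "baseline": {"ips_enabled": True, "group_id": 0, "rule_ids": {101, 102, 103, 104}},
    "server-a": {"ips_enabled": True, "group_id": 0, "rule_ids": {101, 102, 103, 105}},
    "server-b": {"ips_enabled": True, "group_id": 44522, "rule_ids": {101}},
    "server-c": {"ips_enabled": False, "group_id": 0, "rule_ids": set()},
    "server-d": {"ips_enabled": True, "group_id": 0, "rule_ids": {101, 102, 103, 104}},
}


def rule_drift(computers, baseline_name):
    """Compare every IPS-enabled computer against the baseline's rule set.

    Returns one dict per compared computer, sorted by ascending difference.
    """
    if baseline_name not in computers:
        raise KeyError(f"baseline {baseline_name!r} not in inventory")
    baseline = computers[baseline_name]["rule_ids"]
    report = []
    for name, info in computers.items():
        if name == baseline_name or not info["ips_enabled"]:
            continue  # skip the baseline itself and computers with IPS off
        rules = info["rule_ids"]
        # (union - intersection) is the symmetric difference of the two sets
        diff = (rules | baseline) - (rules & baseline)
        report.append({
            "computer": name,
            "group_id": info["group_id"],
            "difference": len(diff),
            "missing": sorted(baseline - rules),  # on the baseline, not here
            "extra": sorted(rules - baseline),    # here, not on the baseline
        })
    return sorted(report, key=lambda r: (r["difference"], r["computer"]))


if __name__ == "__main__":
    for row in rule_drift(COMPUTERS, "baseline"):
        print(f'{row["computer"]} | {row["difference"]} rules difference | '
              f'Computer Group ID:{row["group_id"]} | '
              f'missing={row["missing"]} extra={row["extra"]}')
```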
Uses the Intrusion Prevention rules that are assigned or recommended for assignment to list the detected application types on a server.
COMPUTER: SERVER A
Detected Application Types:
[ 'Mail Server Common',
'OpenSSL Client',
'SSL Client',
'Web Application Common',
'Web Client Common',
'Web Client SSL',
'Web Server Common']
COMPUTER: SERVER B
Detected Application Types:
[ 'DCERPC Services',
'DCERPC Services - Client',
'SSL Client',
'Web Client Common',
'Web Client Internet Explorer/Edge',
'Web Client Mozilla Firefox',
'Web Client SSL',
'Web Server Common']
A quick-and-dirty proof of concept for deploying and activating DS agents using Ansible