Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Policy Controller API

    You must perform some initial configuration and setup activities through the Policy Enforcer UI before you begin using the Policy Controller API.

    1. Log into the Policy Enforcer UI and configure the threat prevention type. You can configure Policy Enforcer to run in the following modes based on the threat prevention type you select:
      • Cloud only or cloud feeds mode

      • Sky ATP mode

      • Sky ATP with Policy Enforcer mode

      For more information on configuring threat prevention types, see Policy Enforcer Administration Guide.

    2. Invoke the Config API with HTTP basic authentication using your Policy Enforcer server SSH user credentials, as shown in the following example:
      POST <context>/api/v1/controller/configs
                 Content-Type: application/json
                 Authorization: Basic <base 64 encoded 
                   (<ssh username of Policy Enforcer>:<ssh password of Policy Enforcer>)>
                
                "configs": {
                "sdsn": true, "cloudOnly": false,
                "ems": {"url": <URL of Security Director>, "username": "Policy Enforcer_user", 
                             "password": <ssh password of Policy Enforcer>},
                "restApi": {"username": <REST API username>, 
                             "password": <REST API password>}
                 }
      

      Based on the mode you have selected in the Policy Enforcer UI, you can specify the configuration using the Config API as follows:

      1. Cloud only or cloud feeds mode—You can configure Policy Enforcer in the cloud only or cloud feeds mode as follows:
        "configs": {
          "sdsn": false
          "cloudonly": true
        }
        
      2. Sky ATP mode—You can configure Policy Enforcer in the Sky ATP mode as follows:
        "configs": {
          "sdsn": false
          "cloudonly": false
        }
        
      3. Sky ATP with Policy Enforcer mode—You can configure Policy Enforcer in the Sky ATP with Policy Enforcer mode as follows:
        "configs": {
          "sdsn": true
          "cloudonly": false
        }
        

      Note: Ensure that the values of sdsn and cloudonly reflect the mode you have selected in the Policy Enforcer UI.

    3. You can also use your REST API user credentials for HTTP basic authentication to make any Policy Enforcer REST API calls. To do so, you must first create your REST API username and password. You can use any value as the username and password, for example, admin/admin or abcd/wxyz.

    Modified: 2018-02-20