受设备保护的虚拟机的策略(又名配置文件)分配和激活

policy (aka profile) assignment and activation for vms protected by appliance

在趋势科技深度安全防护系统 SOAP API (DSSOAP.ManagerService) 中,以下方法是否可以用于基于设备的保护?

securityProfileAssignToHost()
hostAgentActivate()

或仅用于基于代理的保护?如果仅针对基于代理的,是否在任何地方记录了该要求?

是的,您可以将这些方法用于受设备保护的对象。 (我作为 CSE 在趋势科技工作)

以下是如何在 PowerShell 中使用这些方法的基本示例:

param (
    [Parameter(Mandatory=$true, HelpMessage="FQDN and port for Deep Security Manager; ex dsm.example.com:443")][string]$manager,
    [Parameter(Mandatory=$true, HelpMessage="DeepSecurity Manager Username")][string]$user,
    [Parameter(Mandatory=$true, HelpMessage="HostID to activate")][string]$hostID,
    [Parameter(Mandatory=$true, HelpMessage="Policy ID to assign to Host")][string]$securityID,
    [Parameter(Mandatory=$false)][string]$tenant
)
$passwordinput = Read-host "Password for Deep Security Manager" -AsSecureString
$password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwordinput))
[System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true}
[Net.ServicePointManager]::SecurityProtocol += [Net.SecurityProtocolType]::Tls12
$DSMSoapService = New-WebServiceProxy -uri "https://$manager/webservice/Manager?WSDL" -Namespace "DSSOAP" -ErrorAction Stop
$DSM = New-Object DSSOAP.ManagerService
$SID = ""
try {
    if (!$tenant) {
        $SID = $DSM.authenticate($user, $password)
        }
    else {
        $SID = $DSM.authenticateTenant($tenant, $user, $password)
        }
}
catch {
    echo "An error occurred during authentication. Verify username and password and try again. `nError returned was: $($_.Exception.Message)"
    exit
}
$activateHost = $DSM.hostAgentActivate($hostID, $SID)
$assignPolicy = $DSM.securityProfileAssignToHost($securityID, $hostID, $SID)
$DSMSoapService.endSession($SID)