Endpoint Protection

  • 1.  SEPM 14 Export ADC Policy Human Readable

    Posted Nov 25, 2020 03:13 PM
    How do I export or otherwise obtain our current Application and Device Control policy settings, or, more specifically, the Device Control portion of it in human readable form?  I need to audit our "Blocked Devices" and "Devices Excluded from Blocking" settings in a format that allows for advanced functionality such as "find."

    SEPM 14.2 RU2 MP1
    build 5569
    14.2.5569.2100


  • 2.  RE: SEPM 14 Export ADC Policy Human Readable
    Best Answer

    Posted Nov 25, 2020 03:22 PM
    My first few searches didn't turn up anything useful, but I finally came across this which solves it:

    https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewthread?MessageKey=94c94640-46bb-4f10-aa44-e26cda2f2068&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=digestviewer

    Export the policy to .dat file, rename .dat to .zip, read the .xml file in the .zip.


  • 3.  RE: SEPM 14 Export ADC Policy Human Readable

    Posted Nov 30, 2020 07:10 AM
    The DAT to ZIP to XML method, while viable, does not result in very elegant output.  I'd look into using the API and formatting per your requirements.

    ------------------------------
    Principal Cyber Security Engineer
    ------------------------------



  • 4.  RE: SEPM 14 Export ADC Policy Human Readable

    Posted Nov 30, 2020 06:59 PM
    Yes, agreed DAT to XML is better than nothing, by a narrow margin.  Could you point me to any useful resources for API usage?


  • 5.  RE: SEPM 14 Export ADC Policy Human Readable

    Posted Dec 03, 2020 11:32 AM
    Utilizing the SEP API, this task can be easily scripted and automated (https://apidocs.symantec.com/home/SAEP).

    PowerShell Example:

    # Fetch the summary list of Application and Device Control (ADC) policies
    $global:getAppDevControl = @()
    $Method = "GET"
    $Url = "https://"+$global:SEPM+":8446/sepm/api/v1/policies/summary/adc"
    $global:ContentType = 'application/json'
    $global:getAppDevControl = (Invoke-RestMethod -Uri $Url -Method $Method -Headers $global:Header -ContentType $global:ContentType).content

    The API docs will walk you through configuring the API header with your bearer token, which is returned during authorization.  Configure $global:SEPM as your SEPM IP address.

    After, you can dig into policy details by cycling through the $global:getAppDevControl object IDs.

    # Request the full configuration of each policy listed in the summary
    $global:getAppDevControl | ForEach-Object {
        # Parentheses make Write-Host print one joined string instead of separate arguments
        Write-Host ("Policy Name: " + $_.name)
        $global:policyDetailID = $_.id
        $Url = "https://"+$global:SEPM+":8446/sepm/api/v1/policies/adc/"+$global:policyDetailID
        $global:policyConfig = (Invoke-RestMethod -Uri $Url -Method $Method -Headers $global:Header -ContentType $global:ContentType)

        #Output
        Write-Host $global:policyConfig
    }

    You can cycle through any nested objects the same way, as needed.


  • 6.  RE: SEPM 14 Export ADC Policy Human Readable

    Posted Oct 08, 2021 05:52 PM
    API would be better, but I keep getting 404s when querying /sepm/api/v1/policies/adc/{id}.  I'm using the correct ID, from /sepm/api/v1/summary/adc.  Any ideas?  I've tried entering the ID with and without curly braces.  The Symantec documentation on this is nearly unreadable.  I'm doing this from SoapUI, but I don't mind PowerShell--just can't figure out how to use my auth token in your code sample above.
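
An added example (not code from any poster in this thread, nor from the vendor) showing where the bearer token goes in the header used by the sample in post 5, and then writing each ADC policy to a JSON file so it can be searched as text. The authenticate path, the `token` response field, the empty `domain` value, the SEPM address, the output folder and the search term are assumptions or placeholders; check them against the API docs linked in post 5.

```powershell
# Added example: authenticate, build the bearer header, dump ADC policies as JSON.
$SEPM    = '192.0.2.10'                       # placeholder SEPM address
$BaseUrl = "https://${SEPM}:8446/sepm/api/v1"
$OutDir  = Join-Path $env:TEMP 'adc-audit'    # hypothetical output folder

# 1. Authenticate. The SEPM server certificate must be trusted by this client.
#    Assumed endpoint and body shape; verify against the API docs.
$cred = Get-Credential -Message 'SEPM administrator account'
$body = @{
    username = $cred.UserName
    password = $cred.GetNetworkCredential().Password
    domain   = ''                             # assumed: empty selects the default domain
} | ConvertTo-Json
$auth = Invoke-RestMethod -Uri "$BaseUrl/identity/authenticate" -Method Post `
            -Body $body -ContentType 'application/json'

# 2. The token is sent on every later call as an Authorization: Bearer header.
#    This is the value the sample in post 5 expects in $global:Header.
$Header = @{ Authorization = "Bearer $($auth.token)" }

# 3. List the ADC policies (same summary endpoint as post 5).
$summary = (Invoke-RestMethod -Uri "$BaseUrl/policies/summary/adc" `
                -Method Get -Headers $Header).content

# 4. Fetch each policy and save it as indented JSON. A failed request (for
#    example a 404) is reported with the policy name and id, then skipped.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
foreach ($policy in $summary) {
    try {
        $detail = Invoke-RestMethod -Uri "$BaseUrl/policies/adc/$($policy.id)" `
                      -Method Get -Headers $Header
    } catch {
        Write-Warning "Could not fetch '$($policy.name)' ($($policy.id)): $($_.Exception.Message)"
        continue
    }
    # Replace characters that are not safe in a file name
    $safeName = $policy.name -replace '[^\w\-. ]', '_'
    # -Depth keeps nested device lists from being truncated to type names
    $detail | ConvertTo-Json -Depth 20 |
        Set-Content -Path (Join-Path $OutDir "$safeName.json") -Encoding UTF8
}

# 5. "Find" across every exported policy. 'USBSTOR' is only a sample search term.
Select-String -Path (Join-Path $OutDir '*.json') -Pattern 'USBSTOR' -SimpleMatch
```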