
Get Active and Enabled Policies

The following steps describe how to get the active and enabled System Defense policies.

1.  Retrieve the enabled policies triggered by System Defense:

a.   Enumerate the instances of AMT_SystemDefensePolicy.

b.   For each instance of AMT_SystemDefensePolicy, find the instances of the AMT_NetworkPortSystemDefensePolicy association class.

c.    For each entry, examine the Active and Enabled properties to determine the status of the policy.

d.   For each enabled or active policy, invoke CIM_EthernetPort.Get using the EPR stored in the Antecedent property of AMT_NetworkPortSystemDefensePolicy. The instance property DeviceID identifies which network interface the instance applies to:

Key         Value
DeviceID    “Intel(r) AMT Ethernet Port 0” – wired port
            “Intel(r) AMT Ethernet Port 1” – wireless port

e.   For each enabled or active policy, invoke AMT_SystemDefensePolicy.Get using the EPR stored in the Dependent property of AMT_NetworkPortSystemDefensePolicy.

Snippet demonstrating this step (to execute it, insert it into the execution template):

# Create a reference to the CIM_EthernetPort instance, select the wired interface.
$ethernetPortRef = $wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")
$networkPortSystemDefensePolicyRef = $wsmanConnectionObject.NewReference("AMT_NetworkPortSystemDefensePolicy")
$networkPortSystemDefensePolicyRef.AddSelector("Antecedent", $ethernetPortRef)

# Traverse to the AMT_NetworkPortSystemDefensePolicy instances that are connected to the CIM_EthernetPort instance.
foreach($networkPortSystemDefensePolicyItem in $networkPortSystemDefensePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", $null))
{
    # For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
    if($networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
    {
        if(($networkPortSystemDefensePolicyItem.Object.GetProperty("Active") -like $true) -or ($networkPortSystemDefensePolicyItem.Object.GetProperty("Enabled") -like $true))
        {
            # Get the AMT_SystemDefensePolicy object using its EPR.
            $systemDefensePolicyInstance = $networkPortSystemDefensePolicyItem.Object.GetProperty("Dependent").Ref.Get()
        }
    }
}

 

 

2.  Retrieve the enabled policies triggered by Agent Presence:

a.   Retrieve the instances of CIM_EthernetPort.

b.   For each entry, get the AMT_AgentPresenceInterfacePolicy association class instances.

c.    For each entry returned, examine the Active and Enabled properties to determine the status of the policy.

Note: Identify the instances of CIM_EthernetPort with the DeviceID property.

d.   For each enabled or active policy, invoke AMT_SystemDefensePolicy.Get using the EPR stored in the Dependent property of AMT_AgentPresenceInterfacePolicy.

Snippet demonstrating this step (to execute it, insert it into the execution template):

# Create a reference to the CIM_EthernetPort instance, select the wired interface.
$ethernetPortRef = $wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")
$agentPresenceInterfacePolicyRef = $wsmanConnectionObject.NewReference("AMT_AgentPresenceInterfacePolicy")
$agentPresenceInterfacePolicyRef.AddSelector("Antecedent", $ethernetPortRef)

# Traverse to the AMT_AgentPresenceInterfacePolicy instances that are connected to the CIM_EthernetPort instance.
foreach($agentPresenceInterfacePolicyItem in $agentPresenceInterfacePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", $null))
{
    # For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
    if($agentPresenceInterfacePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
    {
        if(($agentPresenceInterfacePolicyItem.Object.GetProperty("Enabled") -like $true) -or ($agentPresenceInterfacePolicyItem.Object.GetProperty("Active") -like $true))
        {
            # Get the AMT_SystemDefensePolicy object using its EPR.
            $systemDefensePolicyInstance = $agentPresenceInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get()
        }
    }
}

 

 

3.  Retrieve the enabled policies triggered by Environment Detection:

a.   Retrieve the instance of AMT_SystemDefensePolicy with the InstanceID that you want.

b.   From the AMT_SystemDefensePolicy instance, find the instances of the AMT_EnvironmentDetectionInterfacePolicy association class.

c.    For each entry, examine the Active and Enabled properties to determine the status of the policy.

d.   For each enabled or active policy, invoke CIM_EthernetPort.Get using the EPR stored in the Antecedent property of AMT_EnvironmentDetectionInterfacePolicy. Identify the instances of CIM_EthernetPort with the DeviceID property (see step 1d).

e.   For each enabled or active policy, invoke AMT_SystemDefensePolicy.Get using the EPR stored in the Dependent property of AMT_EnvironmentDetectionInterfacePolicy.

Snippet demonstrating this step (to execute it, insert it into the execution template):

# Create a reference to the CIM_EthernetPort instance, select the wired interface.
$ethernetPortRef = $wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")
$environmentDetectionInterfacePolicyRef = $wsmanConnectionObject.NewReference("AMT_EnvironmentDetectionInterfacePolicy")
$environmentDetectionInterfacePolicyRef.AddSelector("Antecedent", $ethernetPortRef)

# Traverse to the AMT_EnvironmentDetectionInterfacePolicy instances that are connected to the CIM_EthernetPort instance.
foreach($environmentDetectionInterfacePolicyItem in $environmentDetectionInterfacePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", $null))
{
    # For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
    if($environmentDetectionInterfacePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
    {
        if(($environmentDetectionInterfacePolicyItem.Object.GetProperty("Enabled") -like $true) -or ($environmentDetectionInterfacePolicyItem.Object.GetProperty("Active") -like $true))
        {
            # Get the AMT_SystemDefensePolicy object using its EPR.
            $systemDefensePolicyInstance = $environmentDetectionInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get()
            break
        }
    }
}

 

 

4.  Retrieve the enabled policies triggered by Heuristic System Defense:

a.   Retrieve the instance of AMT_SystemDefensePolicy with the InstanceID that you want.

b.   From the AMT_SystemDefensePolicy instance, find the instances of the AMT_HeuristicPacketFilterInterfacePolicy association class.

c.    For each entry, examine the Active and Enabled properties to determine the status of the policy.

d.   For each enabled or active policy, invoke CIM_EthernetPort.Get using the EPR stored in the Antecedent property of AMT_HeuristicPacketFilterInterfacePolicy. Identify the instances of CIM_EthernetPort with the DeviceID property (see step 1d).

e.   For each enabled or active policy, invoke AMT_SystemDefensePolicy.Get using the EPR stored in the Dependent property of AMT_HeuristicPacketFilterInterfacePolicy.

Snippet demonstrating this step (to execute it, insert it into the execution template):

# Create a reference to the CIM_EthernetPort instance, select the wired interface.
$ethernetPortRef = $wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")
$heuristicPacketFilterInterfacePolicyRef = $wsmanConnectionObject.NewReference("AMT_HeuristicPacketFilterInterfacePolicy")
$heuristicPacketFilterInterfacePolicyRef.AddSelector("Antecedent", $ethernetPortRef)

# Traverse to the AMT_HeuristicPacketFilterInterfacePolicy instances that are connected to the CIM_EthernetPort instance.
foreach($heuristicPacketFilterInterfacePolicyItem in $heuristicPacketFilterInterfacePolicyRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", $null))
{
    # For each instance, check if it is associated to the AMT_SystemDefensePolicy instance.
    if($heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").IsA("AMT_SystemDefensePolicy"))
    {
        if(($heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Enabled") -like $true) -or ($heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Active") -like $true))
        {
            # Get the AMT_SystemDefensePolicy object using its EPR.
            $systemDefensePolicyInstance = $heuristicPacketFilterInterfacePolicyItem.Object.GetProperty("Dependent").Ref.Get()
            break
        }
    }
}
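
The four snippets above differ only in the association class they traverse and all select the wired port, so a single pass can report every active or enabled policy per interface and per trigger. The following is an added example, not Intel SDK code: the function name Get-AmtSystemDefenseStatus and the output field names are hypothetical, and it assumes $wsmanConnectionObject is already connected and that the instance returned by Ref.Get() exposes GetProperty in the same way as the association instances.

```powershell
# Added example (not from the SDK). Uses only the calls shown in the snippets
# above; GetProperty on the retrieved policy instance is an assumption.
function Get-AmtSystemDefenseStatus {
    param($Connection)
    # Trigger type -> association class, as listed in steps 1 to 4.
    $associations = [ordered]@{
        'System Defense'           = 'AMT_NetworkPortSystemDefensePolicy'
        'Agent Presence'           = 'AMT_AgentPresenceInterfacePolicy'
        'Environment Detection'    = 'AMT_EnvironmentDetectionInterfacePolicy'
        'Heuristic System Defense' = 'AMT_HeuristicPacketFilterInterfacePolicy'
    }
    # DeviceID values from step 1d.
    $ports = [ordered]@{
        'wired'    = 'Intel(r) AMT Ethernet Port 0'
        'wireless' = 'Intel(r) AMT Ethernet Port 1'
    }
    $filter = 'http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter'
    foreach ($port in $ports.GetEnumerator()) {
        $portRef = $Connection.NewReference(
            "SELECT * FROM CIM_EthernetPort WHERE DeviceID='$($port.Value)'")
        foreach ($assoc in $associations.GetEnumerator()) {
            $assocRef = $Connection.NewReference($assoc.Value)
            $assocRef.AddSelector('Antecedent', $portRef)
            try {
                $items = @($assocRef.Enumerate($filter, $null))
            } catch {
                # Report a failed enumeration and move on to the next class.
                Write-Warning "$($assoc.Value) on $($port.Key): $($_.Exception.Message)"
                continue
            }
            foreach ($item in $items) {
                $dependent = $item.Object.GetProperty('Dependent')
                if (-not $dependent.IsA('AMT_SystemDefensePolicy')) { continue }
                $active  = $item.Object.GetProperty('Active')  -like $true
                $enabled = $item.Object.GetProperty('Enabled') -like $true
                if (-not ($active -or $enabled)) { continue }
                # Unlike snippets 3 and 4, do not stop at the first match.
                $policy = $dependent.Ref.Get()
                [pscustomobject]@{
                    Interface = $port.Key;  Trigger = $assoc.Key
                    Active    = $active;    Enabled = $enabled
                    PolicyID  = $policy.GetProperty('InstanceID').ToString()
                }
            }
        }
    }
}
Get-AmtSystemDefenseStatus -Connection $wsmanConnectionObject | Format-Table -AutoSize
```

Reporting Active and Enabled as separate columns shows which policies are merely configured on an interface and which are currently applied to it.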

 

 

Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

Located at: <AMT SDK>\Windows\Intel_AMT\Samples\WS-Management\SystemDefense

 

See Also:

   Network Isolation

   System Defense Policies

   Heuristic Policies

   System Defense Filter Types

   Processing Network Packets with System Defense

   Networking Packet Structures

Copyright © 2006-2013, Intel Corporation. All rights reserved.