
Create a System Defense Policy

The following steps describe how to create a System Defense policy.

1.  Create an instance of AMT_SystemDefensePolicy with the following mandatory properties:

| Property | Value |
| --- | --- |
| InstanceID | Enter any value (the value is overridden) |
| PolicyName | “ExamplePolicy” – Enter a meaningful name that you can use later to search for this instance. Maximum length 16. |
| PolicyPrecedence | The priority of this policy when multiple policies are activated simultaneously. Valid values: An integer number. This property is ignored in default System Defense Policies. |
| TxDefaultCount | Count Tx filter matches. Valid values: True, False |
| TxDefaultDrop | Drop Tx packets when they match the filter. Valid values: True, False |
| TxDefaultMatchEvent | Create an event in the Event Manager when this filter is matched. Valid values: True, False |
| RxDefaultCount | Count Rx filter matches. Valid values: True, False |
| RxDefaultDrop | Drop Rx packets when they match the filter. Valid values: True, False |
| RxDefaultMatchEvent | Create an event in the Event Manager when this filter is matched. Valid values: True, False |

2.  Using the EPRs for any filters that will be in the policy, retrieve the InstanceID of each filter, and add each InstanceID to the FilterCreationHandles property of the policy.

3.  Invoke AMT_SystemDefensePolicy.Create.


This snippet depends on the results of previous snippets: You need to create filters before creating a policy.

You can execute this snippet by inserting it into the execution template found here.

  

$systemDefensePolicyInstance = $wsmanConnectionObject.NewInstance("AMT_SystemDefensePolicy")
# InstanceID is mandatory, but the value entered here is overridden.
$systemDefensePolicyInstance.SetProperty("InstanceID","n/a")
$systemDefensePolicyInstance.SetProperty("PolicyName","MyPolicy")
$systemDefensePolicyInstance.SetProperty("PolicyPrecedence","30")
$systemDefensePolicyInstance.SetProperty("TxDefaultCount","false")
$systemDefensePolicyInstance.SetProperty("TxDefaultDrop","false")
$systemDefensePolicyInstance.SetProperty("TxDefaultMatchEvent","false")
$systemDefensePolicyInstance.SetProperty("RxDefaultCount","false")
$systemDefensePolicyInstance.SetProperty("RxDefaultDrop","false")
$systemDefensePolicyInstance.SetProperty("RxDefaultMatchEvent","false")

# $ipHeadersFilterRef is an EPR to the AMT_IPHeadersFilter object created by the 'Create an IP Filter' use case.
$ipHeadersFilterInstance = $ipHeadersFilterRef.Get()
$ipFilterInstanceID = $ipHeadersFilterInstance.GetProperty("InstanceID")

# $hdr8021FilterRef is an EPR to the AMT_Hdr8021Filter object created by the 'Create an Ethernet Filter' use case.
$hdr8021FilterInstance = $hdr8021FilterRef.Get()
$ethernetFilterInstanceID = $hdr8021FilterInstance.GetProperty("InstanceID")

# Add the InstanceID of each filter to the policy's FilterCreationHandles property.
$filterCreationHandles = @($ipFilterInstanceID.ToString(),$ethernetFilterInstanceID.ToString())
$systemDefensePolicyInstance.SetProperty("FilterCreationHandles",$filterCreationHandles)

# The $systemDefensePolicyRef is an EPR to the new AMT_SystemDefensePolicy object.
$systemDefensePolicyRef = $systemDefensePolicyInstance.Create()

 

 

 

 Note:

When you create an AMT_SystemDefensePolicy object, the following instances are implicitly created by the implementation:

   Rx or Tx filters are created.

   If AntiSpoofing was enabled, an AntiSpoofing filter is also created.

   For each filter created or specified in the FilterCreationHandles property, Intel AMT creates an AMT_FilterInSystemDefensePolicy association instance where the Antecedent is the policy and the Dependent is the filter.

   An association SystemDefensePolicyInService connects the policy to the service.

Intel AMT does not check whether a new policy is similar or identical to an existing policy (except for the policy name). Users are responsible for optimizing policy usage.
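Because Intel AMT checks only the policy name for duplicates, the caller has to validate a policy definition against the property table above before invoking Create. The following is an added example, not Intel SDK code: the function Test-SystemDefensePolicySpec, the $spec hashtable and the $ExistingPolicyNames list (assumed to have been read from the device by the caller) are hypothetical names.

```powershell
# Added example; Test-SystemDefensePolicySpec and the $spec layout are hypothetical, not SDK names.
function Test-SystemDefensePolicySpec {
    param(
        [hashtable]$Spec,
        [string[]]$ExistingPolicyNames = @()   # assumed: names the caller already read from the device
    )
    $errors = @()
    $boolProps = 'TxDefaultCount', 'TxDefaultDrop', 'TxDefaultMatchEvent',
                 'RxDefaultCount', 'RxDefaultDrop', 'RxDefaultMatchEvent'

    # PolicyName: mandatory, at most 16 characters. -contains is case-insensitive,
    # so names differing only in case are rejected as well.
    $name = [string]$Spec['PolicyName']
    if ([string]::IsNullOrWhiteSpace($name)) { $errors += 'PolicyName is missing' }
    elseif ($name.Length -gt 16) { $errors += "PolicyName '$name' exceeds 16 characters" }
    elseif ($ExistingPolicyNames -contains $name) { $errors += "PolicyName '$name' already exists" }

    # PolicyPrecedence: must parse as an integer.
    $parsed = 0
    if (-not [int]::TryParse([string]$Spec['PolicyPrecedence'], [ref]$parsed)) {
        $errors += 'PolicyPrecedence must be an integer'
    }

    # Each Tx/Rx default must be exactly True or False; a missing key fails this check too.
    foreach ($p in $boolProps) {
        if ([string]$Spec[$p] -notmatch '^(true|false)$') { $errors += "$p must be True or False" }
    }
    return ,$errors   # the leading comma keeps an empty or one-element result an array
}

# Constructed sample input; the values mirror the snippet on this page.
$spec = @{
    InstanceID = 'n/a'; PolicyName = 'MyPolicy'; PolicyPrecedence = '30'
    TxDefaultCount = 'false'; TxDefaultDrop = 'false'; TxDefaultMatchEvent = 'false'
    RxDefaultCount = 'false'; RxDefaultDrop = 'false'; RxDefaultMatchEvent = 'false'
}
$problems = Test-SystemDefensePolicySpec -Spec $spec -ExistingPolicyNames @('ExamplePolicy')
if ($problems.Count -gt 0) { throw ('Policy rejected: ' + ($problems -join '; ')) }

# Only a validated spec is written to the instance from NewInstance("AMT_SystemDefensePolicy").
# Guarded so the example also runs offline; FilterCreationHandles is still set as in step 2.
if ($systemDefensePolicyInstance) {
    foreach ($key in $spec.Keys) { $systemDefensePolicyInstance.SetProperty($key, $spec[$key]) }
}
```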

 

Instance Diagram

Additional filter but no anti-spoofing:

No additional filter but with anti-spoofing:

No additional filter and no anti-spoofing

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 


Copyright © 2006-2022, Intel Corporation. All rights reserved.