
Get the Statistics of the Active Policy

Once a policy becomes active on an interface, you can get the statistics of the policy’s operation on a specific interface to reveal what actions have been taken by that policy on the interface.

The following steps describe how to get the statistics of the active policy.

1.  Update the System Defense policy statistics of the required interface, as described in Update Policy Statistics.

2.  Retrieve the instances of CIM_EthernetPort. The DeviceID determines which port the instance applies to:

     Key         Value

     DeviceID    “Intel(r) AMT Ethernet Port 0” – wired port

                 “Intel(r) AMT Ethernet Port 1” – wireless port

 

3.  Iterate over the list of CIM_EthernetPort instances. For each instance:

a.   Find the instances of the AMT_ActiveFilterStatistics association.

b.   For each entry returned, the following properties contain data regarding the current filter statistics:

   ActivationTime

   LastResetTime

   FilterMatched

   ReadCount

c.   To retrieve the filter's data, invoke AMT_FilterInSystemDefensePolicy.Get using the EPR in AMT_ActiveFilterStatistics.Dependent. For each entry:

   Invoke AMT_SystemDefensePolicy.Get using the EPR in AMT_FilterInSystemDefensePolicy.Antecedent. This will get the policy which contains the filter’s statistics.

   Invoke Get on the super class AMT_FilterEntryBase using the EPR in AMT_FilterInSystemDefensePolicy.Dependent. This will get the filter’s data.

 

The following snippet demonstrates this step.

See the General Info Get Core Version use case for the GetCoreVersion function.

You can execute this snippet by inserting it into the execution template found here.

  

# Create a reference to the CIM_EthernetPort instance, select the wired interface.
$ethernetPortRef = $wsmanConnectionObject.NewReference("SELECT * FROM CIM_EthernetPort WHERE DeviceID='Intel(r) AMT Ethernet Port 0'")
$activeFilterStatisticsRef = $wsmanConnectionObject.NewReference("AMT_ActiveFilterStatistics")
$activeFilterStatisticsRef.AddSelector("Antecedent", $ethernetPortRef)

# Traverse to the AMT_ActiveFilterStatistics instances that are connected to the CIM_EthernetPort instance.
foreach ($activeFilterStatisticsItem in $activeFilterStatisticsRef.Enumerate("http://schemas.dmtf.org/wbem/wsman/1/wsman/SelectorFilter", $null))
{
    # For each instance, check if it is associated to the AMT_FilterInSystemDefensePolicy instance.
    if ($activeFilterStatisticsItem.Object.GetProperty("Dependent").IsA("AMT_FilterInSystemDefensePolicy"))
    {
        $activeFilterStatisticsInstance = $activeFilterStatisticsItem.Object
        $activationTime = $activeFilterStatisticsInstance.GetProperty("ActivationTime")
        $lastResetTime = $activeFilterStatisticsInstance.GetProperty("LastResetTime")

        # On firmware 5.1 and later the time values are read from the inner text of the property.
        # Compare as [version]: a plain string comparison would order "10.0" before "5.1".
        $fwVersion = GetCoreVersion
        if ([version]$fwVersion.ToString() -ge [version]"5.1")
        {
            $activationTime = $activationTime.InternalObject.Text
            $lastResetTime = $lastResetTime.InternalObject.Text
        }

        $filterMatched = $activeFilterStatisticsInstance.GetProperty("FilterMatched")
        $readCount = $activeFilterStatisticsInstance.GetProperty("ReadCount")

        # Get the AMT_FilterInSystemDefensePolicy object using its EPR.
        $filterInSystemDefensePolicyInstance = $activeFilterStatisticsInstance.GetProperty("Dependent").Ref.Get()

        # Check if it is associated to the AMT_SystemDefensePolicy instance.
        if ($filterInSystemDefensePolicyInstance.GetProperty("Antecedent").IsA("AMT_SystemDefensePolicy"))
        {
            # The policy that contains the filter.
            $systemDefensePolicyInstance = $filterInSystemDefensePolicyInstance.GetProperty("Antecedent").Ref.Get()
            # The filter's data (AMT_FilterEntryBase).
            $filterEntryBaseInstance = $filterInSystemDefensePolicyInstance.GetProperty("Dependent").Ref.Get()
        }
    }
}

 

 

Additional Information

There may be a difference between the number of the filtered packets and the actual statistics count values due to the overhead involved with statistics management. This includes differences which may appear between similar filters.

Statistics are lost if the platform enters the Moff state, the power source is disconnected or if the power policy is changed.
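
What the two notes above mean for a script that polls these counters, as an added example that is not part of the Intel SDK: it compares two polls and flags filters whose statistics were reset or lost instead of reporting a misleading delta. Compare-FilterStatistics, FilterKey and the sample values are hypothetical; the example assumes ReadCount is cumulative between resets and that LastResetTime changes on a reset, which this page does not state.

```powershell
# Added example. Samples below are constructed, not output from a real AMT device.
# Assumptions (not stated on the page): ReadCount grows between resets and
# LastResetTime changes when the statistics are reset or lost.
function Compare-FilterStatistics {
    param(
        [Parameter(Mandatory)] [hashtable[]] $Previous,
        [Parameter(Mandatory)] [hashtable[]] $Current
    )
    # Index the earlier poll by FilterKey (hypothetical caller-chosen identifier).
    $byKey = @{}
    foreach ($sample in $Previous) { $byKey[$sample.FilterKey] = $sample }

    foreach ($now in $Current) {
        $before = $byKey[$now.FilterKey]
        if ($null -eq $before) {
            $status = 'New'; $delta = [long]$now.ReadCount
        }
        elseif ($now.LastResetTime -ne $before.LastResetTime -or
                [long]$now.ReadCount -lt [long]$before.ReadCount) {
            # Baseline is gone (Moff, power loss, power policy change):
            # report only what the current sample shows.
            $status = 'Reset'; $delta = [long]$now.ReadCount
        }
        else {
            $status = 'Continuous'
            $delta = [long]$now.ReadCount - [long]$before.ReadCount
        }
        [pscustomobject]@{
            FilterKey     = $now.FilterKey
            Status        = $status
            NewMatches    = $delta   # approximate, per the overhead caveat above
            FilterMatched = $now.FilterMatched
        }
    }
}

# Constructed samples from two polling rounds of the wired port.
$poll1 = @(
    @{ FilterKey = 'filter-A'; LastResetTime = '2024-01-10T08:00:00Z'; FilterMatched = $true;  ReadCount = 120 },
    @{ FilterKey = 'filter-B'; LastResetTime = '2024-01-10T08:00:00Z'; FilterMatched = $false; ReadCount = 0 }
)
$poll2 = @(
    @{ FilterKey = 'filter-A'; LastResetTime = '2024-01-10T08:00:00Z'; FilterMatched = $true;  ReadCount = 175 },
    @{ FilterKey = 'filter-B'; LastResetTime = '2024-01-11T02:30:00Z'; FilterMatched = $true;  ReadCount = 3 }
)
Compare-FilterStatistics -Previous $poll1 -Current $poll2 | Format-Table -AutoSize
```

In a real poller each sample would be built from the properties read in step 3.b, with FilterKey derived from the Dependent EPR.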

Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 

See Also:

   Network Isolation

   System Defense Policies

   Heuristic Policies

   System Defense Filter Types

   Processing Network Packets with System Defense

   Networking Packet Structures

Copyright © 2006-2022, Intel Corporation. All rights reserved.