Software Secure Workload
Activity Configure

Initiate Automatic Policy Discovery

Automatically discover policies for the workspace. (Formerly known as “submitting an ADM run”).

POST /openapi/v1/applications/{application_id}/submit_run

Parameters: The request URL contains the following parameters:

| Name | Type | Description |
|------|------|-------------|
| application_id | string | The unique identifier for the workspace. |

Parameters: The JSON query body contains the following keys:

| Name | Type | Description |
|------|------|-------------|
| start_time | string | Start time of the input time interval for an automatic policy discovery run. |
| end_time | string | End time of the input time interval for an automatic policy discovery run. |
| clustering_granularity | string | (optional) Clustering Granularity lets the user control the size of the clusters generated by automatic policy discovery. Expected values: VERY_FINE, FINE, MEDIUM, COARSE, or VERY_COARSE |
| port_generalization | string | (optional) Port Generalization controls the level of statistical significance required when performing port generalization. Expected values: DISABLED, CONSERVATIVE, MODERATE, AGGRESSIVE, or VERY_AGGRESSIVE |
| policy_compression | string | (optional) When Policy Compression is enabled, policies that are sufficiently frequent (that is, they use the same provider port) among the generated clusters inside a workspace may be ‘factored out’ to the parent, that is, replaced with one or more policies applicable to the entire parent scope. Expected values: DISABLED, CONSERVATIVE, MODERATE, AGGRESSIVE, or VERY_AGGRESSIVE |
| auto_accept_policy_connectors | boolean | (optional) When Auto accept policy connectors is set, any outgoing policy requests created during automatic policy discovery are auto accepted. |
| enable_exclusion_filter | boolean | (optional) The Enable exclusion filter option provides the flexibility to ignore all conversations matching any of the user-defined exclusion filters (if any). For more information, see Exclusion Filters. |
| enable_default_exclusion_filter | boolean | (optional) The Enable default exclusion filter option provides the flexibility to ignore all conversations matching any of the default exclusion filters (if any). For more information, see Default Exclusion Filters. |
| enable_service_discovery | boolean | (optional) When Enable service discovery on agent is set, ephemeral port-range information about services present on the agent node is reported. Policies are then generated based on the reported port-range information. |
| carry_over_policies | boolean | (optional) When Carry over Approved Policies is set, all the policies that are marked as approved by the user via UI or OpenAPI will be preserved. |
| skip_clustering | boolean | (optional) When Skip clustering is set, no new clusters are generated, and policies are generated from any existing approved clusters or inventory filters and otherwise involve all workloads in the scope. |
| deep_policy_generation | boolean | (optional) You can generate policies for a branch of the scope tree rather than for a single scope. For more information, see Discover Policies for One Scope or for a Branch of the Scope Tree and subtopic. |
| use_default_config | boolean | (optional) When this option is set, automatic policy discovery will use the Default Policy Discovery Config instead of the previous run config. For more information, see Default Policy Discovery Config. |


 

Optional parameters that are not specified take their default values from the previous automatic policy discovery run config, if automatic policy discovery was performed earlier in the workspace. Otherwise, the default values are taken from the Default Policy Discovery Config.

Response object: Returns an object with the following attributes:

| Name | Type | Description |
|------|------|-------------|
| message | string | Message about success or failure of automatic policy discovery run. |

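Sample Python code

```python
import json

from tetpyclient import RestClient

# Assumption: the client is created as in the tetpyclient documentation;
# the endpoint and credentials path below are placeholders.
restclient = RestClient('https://<secure-workload-host>',
                        credentials_file='<path>/credentials.json',
                        verify=True)

application_id = '5d02b493755f0237a3d6e078'
req_payload = {
    'start_time': '2020-09-17T10:00:00-0700',
    'end_time': '2020-09-17T11:00:00-0700',
    # Optional parameters.
    'clustering_granularity': 'FINE',
    'port_generalization': 'AGGRESSIVE',
    'policy_compression': 'AGGRESSIVE',
    'auto_accept_policy_connectors': False,
    'enable_exclusion_filter': True,
    'enable_default_exclusion_filter': True,
    'enable_service_discovery': True,
    'carry_over_policies': True,
    'skip_clustering': False,
    'deep_policy_generation': True,
    'use_default_config': False
}
# json_body takes the serialized JSON string.
resp = restclient.post('/applications/%s/submit_run' % application_id,
                       json_body=json.dumps(req_payload))
```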
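A pre-submission check for the request body, added here as an example (it is not part of the product documentation or of tetpyclient). It rejects keys, value spellings and types that the parameter table does not list, so a typo cannot silently fall back to the previous run config. Assumptions: the name `validate_submit_run` is hypothetical, the timestamp format is inferred from the sample payload, `start_time` and `end_time` are treated as required because the table does not mark them optional, and the start is expected to precede the end.

```python
from datetime import datetime

# Expected values as listed in the parameter table for this endpoint.
LEVELS = {"DISABLED", "CONSERVATIVE", "MODERATE", "AGGRESSIVE", "VERY_AGGRESSIVE"}
ENUM_KEYS = {
    "clustering_granularity": {"VERY_FINE", "FINE", "MEDIUM", "COARSE", "VERY_COARSE"},
    "port_generalization": LEVELS,
    "policy_compression": LEVELS,
}
BOOL_KEYS = {
    "auto_accept_policy_connectors", "enable_exclusion_filter",
    "enable_default_exclusion_filter", "enable_service_discovery",
    "carry_over_policies", "skip_clustering", "deep_policy_generation",
    "use_default_config",
}
TIME_KEYS = ("start_time", "end_time")
# Assumption: timestamps follow the format used in the page's sample payload.
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S%z"


def validate_submit_run(payload):
    """Return a list of problems; an empty list means the payload matches the table."""
    problems, times = [], {}
    for key in TIME_KEYS:
        value = payload.get(key)
        try:
            times[key] = datetime.strptime(value, TIME_FORMAT)
        except (TypeError, ValueError):
            problems.append(f"{key}: {value!r} is missing or does not match {TIME_FORMAT}")
    # Assumption: the input interval must have a positive length.
    if len(times) == 2 and times["start_time"] >= times["end_time"]:
        problems.append("start_time must be earlier than end_time")
    for key, value in payload.items():
        if key in TIME_KEYS:
            continue
        if key in ENUM_KEYS:
            if not isinstance(value, str) or value not in ENUM_KEYS[key]:
                problems.append(f"{key}: {value!r} is not an expected value")
        elif key in BOOL_KEYS:
            # Only real booleans pass; the string "true" or the integer 1 is rejected.
            if not isinstance(value, bool):
                problems.append(f"{key}: expected boolean, got {type(value).__name__}")
        else:
            problems.append(f"{key}: unknown key")
    return problems
```

Call `validate_submit_run(req_payload)` before `restclient.post(...)` and submit only when the returned list is empty.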