Creating SES scripts that use the HostCheckResource script resource

Principle

Two scripts are defined in order to manage the security policy applied to the workstation based on the result of the ping:

The base script (HostReputationOK in the example) sends a ping through the HostCheckResource resource:

  • As long as the workstation is able to contact its target (with a proper reputation), this same script will be rerun every 20 seconds,
  • Whenever the workstation is unable to contact its target (poor reputation):
  1. A strengthened security policy will be applied to the workstation (HostBadReputationPolicy in the example),
  2. Another script (HostBadReputation) will be run every 20 seconds.
 

The script run in the event of a host's poor reputation (HostBadReputation in the example) will then send a ping through the HostCheckResource resource:

  • As long as the workstation is unable to contact its target (with a poor reputation), this same script will be rerun every 20 seconds,
  • When it is able to contact its target again (after remediation - proper reputation):
  1. The security policy applied to the workstation (to allow reverting to the standard policy if necessary) will be reevaluated,
  2. The HostReputationOK script will be run again.

Defining these scripts in the SES console

HostReputationOK script

  1. In the Environment Manager > Policies menu, right-click on the Script folder.
  2. Click on the New policy menu.
  3. Select the Script type and name this policy (HostReputationOK in the example).

Adapting the "IF..." condition

  1. Right-click on the "IF AND" condition and select Add a user test.
  2. Select the HostCheckResource script.

Adapting the "True" result

  1. Right-click on the "IF AND" condition and select Add built-in action > Run > Script.
  2. Expanding the list of the Name field in the Properties panel, select the HostReputationOK script.
  3. Edit the Wait (seconds) field and indicate 20.

Adapting the "False" result

  1. Right-click on this result and select Add built-in action > Configuration > Apply a policy.
  2. Expanding the list of the Name field in the Properties panel, select the strengthened security policy created earlier (HostBadReputationPolicy).
  3. The last step in the configuration of the "False" result can only be carried out when the HostBadReputation script has been created.

HostBadReputation script

  1. In the Environment Manager > Policies menu, right-click on the Script folder.
  2. Click on the New policy menu.
  3. Select the Script type and name this policy (HostBadReputation in the example).

Adapting the "IF..." condition

  1. Click on the "IF AND" condition
  2. In the Properties panel, expand the list of the Condition field and select "IF NOT".
  3. In the Policy panel, right-click on "IF NOT" and select Add a user test.
  4. Select the HostCheckResource script.

Adapting the "True" result

  1. Right-click on the "IF AND" condition and select Add built-in action > Run > Script.
  2. In the Properties panel, expand the list of the Name field and select the HostBadReputation script.
  3. Edit the Wait (seconds) field and indicate 20.

Adapting the "False" result

  1. Right-click on this result and select Add built-in action > Configuration > Review policies.
  2. Right-click again on the "False" result and select Add built-in action > Run > Script.
  3. In the Properties panel, expand the list of the Name field and select the HostReputationOK script. Edit the Wait (seconds) field and indicate 20.

Completing the CheckHostOK script

Completing the "False" result

  1. Right-click on the "False" result and select Add built-in action > Run > Script.
  2. In the Properties panel, edit the Name field and select the HostBadReputation script. Edit the Wait (seconds) field and indicate 20.

 

Both scripts will then resemble the following: