Importing policies using a Python script
Symantec Endpoint Detection and Responsesupports importing files in .json file format. You must use Python 2.7.5 - 3.4.3 on Windows 3.4.3. When you export entries, the export file is saved in the script directory.
The files that you'll need and their descriptions are as follows:
You'll modify this file to include the IP address of your
EDR appliance consolewhere you want to import or export entries. You'll also need to add a client ID and client secret to this file.
Before you begin, you should obtain the client ID and client secret that you'll need to insert in the
policy.conffile. You obtain a client ID and client secret from
EDR appliance console.
This file explains what arguments you should type to import entries or export entries into your
Symantec EDRallow list or deny list. It also provides the argument for how to delete all of your allow list entries and deny list entries. The file provides several command-line examples to demonstrate how to type the command.
This file is the Python script that you run to perform the tasks that you want to perform.
- Contact Symantec Support to obtain the required files:
- OpenREADME.txtand leave it open to assist you in performing steps 3 and 4.
- Modifypolicy.confas necessary and save the file with your changes.SeeREADME.txtfor instructions on which fields need to be modified and what information you need to provide.
- At the command line, run the Python script.SeeREADME.txtfor the commands to import entries, export entries, and delete entries.