Support Back to Console
English
日本語
Support
Back to Console
  • Home
  • Workload Security
  • SDK guides
  • Automate using the API and SDK
  • Automate
  • Run the code examples
Table of contents
About Workload Security
  • About the Workload Security components
  • About the Workload Security protection modules
  • About billing and pricing
  • Workload Security release strategy and life cycle policy
Compatibility
  • Agent platforms
  • Agent Linux kernel support
  • Supported features by platform
  • System requirements
  • Sizing
  • Port numbers, URLs, and IP addresses
Get started
  • Buy Workload Security
    • Sign up for a 30-day free trial
    • Sign up for Workload Security
    • Try the Workload Security demo
  • Transitioning from Deep Security as a Service
  • Start protecting computers
  • Check digital signatures on software packages
  • Deploy a relay
  • Deploy the agent
    • Get agent software
    • Install the agent
    • Install the agent on Amazon EC2 and WorkSpaces
    • Install the agent on an AMI or WorkSpace bundle
    • Install the agent on Azure VMs
    • Install the agent on Google Cloud Platform VMs
    • Activate the agent
Automate
  • Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
  • Automate using the API and SDK
    • API reference
    • The API and SDK - DevOps tools for automation
      • The API and SDK
      • API versions
      • Legacy REST and SOAP APIs
      • Next Step
    • Send your first request using the API
      • Set up your development environment
      • Authenticate with Workload Security
      • Perform a GET request: list policies
      • Perform a POST request: search firewall rules
      • Get the Workload Security version
      • Next Steps
    • Notes about resource property values
      • How to express a null value
      • Valid values for Boolean properties
      • Include only changed values when modifying resources
    • About the overrides parameter
    • Search for resources
      • Searchable fields
      • Search computer sub-objects
      • Field names in Python code
      • Use wildcards in string searches
      • Perform a date-range search
      • Search for null values
      • Sort order
      • Limit search results and paging
    • API rate limits
      • Handle rate limit errors in your code
    • Performance tips
      • Minimize computer response size
      • Use the overrides parameter
      • Directly configure rule assignments
      • Interact directly with single settings
      • Page your search results
    • Troubleshooting tips
      • Obtain error information
      • Authentication errors
      • Authorization errors
      • Resource not found errors
      • Bad request errors
      • Check SDK compatibility
    • API cookbook
      • About the API cookbook
      • Set Up to Use Bash or PowerShell
        • Bash or PowerShell?
        • Check your environment
        • Create an API key
        • Test your setup
        • Final comments
      • Get a List of Computers (Bash and PowerShell)
        • Before you begin
        • Bash
        • PowerShell
        • Notes
      • Search for a Policy (Bash and PowerShell)
        • Before you begin
        • Bash
        • PowerShell
        • Notes
      • Assign a Policy to a Computer (Bash and PowerShell)
        • Before you begin
        • Bash
        • PowerShell
        • Notes
      • Assign a Policy to Many Computers (Bash and PowerShell)
        • Before you begin
        • Bash
        • PowerShell
        • Notes
        • Related Resources
    • SDK guides
      • Python SDK
        • Get set up to use the Python SDK
      • SDK version compatibility
        • Upgrade scenarios
        • Discover changes to SDKs
      • Run the code examples
      • Index of code examples
        • Anti-Malware
        • API Client
        • API keys
        • Application Control
        • Computers
        • Firewall
        • Integrity Monitoring
        • Intrusion Prevention (IDS/IPS)
        • Lists
        • Log Inspection
        • Policies
        • Recommendations
        • Reporting
        • Roles
        • Rules
        • Scheduled tasks
        • Schedules
        • Security updates
        • Search
        • Settings
        • Web Reputation
      • Deploy Workload Security
        • Use the API to generate an agent deployment script
          • General steps
          • Example
        • Integrate Workload Security with AWS Services
          • Workflow pattern
          • Amazon GuardDuty
          • Amazon Macie
          • Amazon Inspector
          • AWS WAF
          • AWS Config
        • Add Computers
        • Add a Google Cloud Platform Connector
          • Submit a Sync Action for a GCP Connector
        • Control Access Using Roles
          • General steps
          • Example: Create a role
        • Create and manage API keys
          • About API keys
          • Create an API Key Using Code
          • Create an API key using the console
          • Manage API keys after their creation
        • Configure Workload Security system settings
          • Retrieve, modify, or reset a single system setting
          • List or modify multiple system settings
        • Monitor Workload Security events
      • Configure protection
        • Create and configure a policy
          • Create a policy
          • Assign a policy to a computer
          • Configure policy and default policy settings
          • Reset policy overrides
        • Configure Firewall
          • General steps
          • Example
          • Create a firewall rule
          • Limitations to configuring stateful configurations
        • Configure Intrusion Prevention
          • General steps
          • Example
          • Create an Intrusion Prevention rule
        • Configure Anti-Malware
          • General steps
          • Example
          • Create and modify malware scan configurations
        • Configure Web Reputation
          • General steps
          • Example
        • Configure Application Control
          • Configure Application Control for a policy
          • Allow or Block Unrecognized Software
          • Create a shared ruleset
          • Add Global Rules
          • Configure maintenance mode during upgrades
        • Configure Integrity Monitoring
          • General steps
          • Example
          • Create an Integrity Monitoring rule
        • Configure Log Inspection
          • General steps
          • Example
          • Create a Log Inspection rule
        • Create and modify lists
        • Create and configure schedules
        • Override policies on a computer
          • Discover overrides
          • Configure computer overrides
          • Rule overrides
      • Maintain protection
        • Report on computer status
          • Discover unprotected computers
          • Get computer configurations
          • Discover the Anti-Malware configuration of a computer
          • Get applied intrusion prevention rules
        • Patch unprotected computers
          • Example: Find the Intrusion Prevention rule for a CVE
          • Example: Find computers that are not protected against a CVE
          • Example: Add intrusion prevention rules to computers' policies
        • Assign rules with recommendation scans
          • Find when recommendation scans last ran
          • Apply recommendations
        • Maintain protection using scheduled tasks
          • Related classes
          • Create a scheduled task
          • Create, run, and delete a scheduled task
          • Run an existing scheduled task
    • Settings reference
      • Default policy, policy, and computer settings
      • System settings
    • Use the legacy APIs
      • Provide access for legacy APIs
      • Transition from the SOAP API
        • Terminology
        • Specific tasks
        • Java class structure
        • Capabilities
        • Related code examples
      • Use the legacy REST API
        • When to use the legacy REST API
        • Set up your environment to use the REST API
        • Develop a REST API client application
        • Special Considerations
  • Automate using the console
    • Schedule Workload Security to perform tasks
    • Automatically perform tasks when a computer is added or changed (event-based tasks)
    • AWS Auto Scaling and Workload Security
    • Azure virtual machine scale sets and Workload Security
    • GCP auto scaling and Workload Security
    • Use deployment scripts to add and protect computers
    • URL format for download of the agent
    • Automatically assign policies by AWS instance tags
  • Command-line basics
User Guide
  • Add computers
    • About adding computers
    • Add local network computers
    • Add AWS instances
      • About adding AWS accounts
      • Add an AWS account using the quick setup
      • Add an AWS account using a cross-account role
      • Add Amazon WorkSpaces
      • Manage an AWS account
      • Manage an AWS account external ID
      • Protect an account running in AWS Outposts
      • What does the Cloud Formation template do when I add an AWS account?
    • Add Azure instances
      • Create an Azure app for Workload Security
      • Add a Microsoft Azure account to Workload Security
      • Why should I upgrade to the new Azure Resource Manager connection functionality?
    • Add GCP instances
      • Create a Google Cloud Platform service account
      • Add a Google Cloud Platform account
    • Add VMware VMs
      • Add virtual machines hosted on VMware vCloud
      • Set up a data center gateway
        • Set up a data center gateway
        • Check the data center gateway status and connection
        • Upgrade the data center gateway
        • Security best practices
        • High availability deployment plan
      • Add a VMware vCenter to Workload Security
    • Manually upgrade your AWS account connection
    • How do I migrate to the new cloud connector functionality?
    • Protect Docker containers
  • Configure policies
    • Create policies
    • Policies, inheritance, and overrides
    • Manage and run recommendation scans
    • Detect and configure the interfaces available on a computer
    • Overview section of the computer editor
    • Overview section of the policy editor
    • Network engine settings
    • Define rules, lists, and other common objects used by policies
      • About common objects
      • Create a firewall rule
      • Configure intrusion prevention rules
      • Create an Integrity Monitoring rule
      • Define a Log Inspection rule for use in policies
      • Create a list of directories for use in policies
      • Create a list of file extensions for use in policies
      • Create a list of files for use in policies
      • Create a list of IP addresses for use in policies
      • Create a list of ports for use in policies
      • Create a list of MAC addresses for use in policies
      • Define contexts for use in policies
      • Define stateful firewall configurations
      • Define a schedule that you can apply to rules
  • Configure protection modules
    • Configure Intrusion Prevention
      • About Intrusion Prevention
      • Set up Intrusion Prevention
      • Configure intrusion prevention rules
      • Configure an SQL injection prevention rule
      • Application types
      • Inspect SSL or TLS traffic
      • Configure anti-evasion settings
      • Performance tips for intrusion prevention
    • Configure Anti-Malware
      • About Anti-Malware
      • Set up Anti-Malware
        • Enable and configure anti-malware
        • Configure malware scans
        • Performance tips for anti-malware
        • Disable Windows Defender on Windows Server 2016 or later
      • Detect emerging threats using Predictive Machine Learning
      • Enhanced anti-malware and ransomware scanning with behavior monitoring
      • Smart Protection in Workload Security
      • Handle malware
        • View and restore identified malware
        • Create anti-malware exceptions
        • Increase debug logging for anti-malware in protected Linux instances
    • Configure Firewall
      • About Firewall
      • Set up the Workload Security firewall
      • Create a firewall rule
      • Allow trusted traffic to bypass the firewall
      • Firewall rule actions and priorities
      • Firewall settings
      • Define stateful firewall configurations
      • Container Firewall rules
    • Configure Web Reputation
    • Configure Integrity Monitoring
      • About Integrity Monitoring
      • Set up Integrity Monitoring
      • Create an Integrity Monitoring rule
      • Integrity Monitoring rules language
        • About the Integrity Monitoring rules language
        • DirectorySet
        • FileSet
        • GroupSet
        • InstalledSoftwareSet
        • PortSet
        • ProcessSet
        • RegistryKeySet
        • RegistryValueSet
        • ServiceSet
        • UserSet
        • WQLSet
    • Configure Log Inspection
      • About Log Inspection
      • Set up Log Inspection
      • Define a Log Inspection rule for use in policies
    • Configure Application Control
      • About Application Control
      • Set up Application Control
      • Verify that Application Control is enabled
      • Monitor Application Control events
      • View and change Application Control rulesets
      • Reset Application Control after too much software change
      • Use the API to create shared and global rulesets
  • Configure events and alerts
    • About Workload Security event logging
    • Log and event storage best practices
    • Anti-Malware scan failures and cancellations
    • Apply tags to identify and group events
    • Reduce the number of logged events
    • Rank events to quantify their importance
    • Forward events to a Syslog or SIEM server
      • Forward Workload Security events to a Syslog or SIEM server
      • Syslog message formats
      • Configure Red Hat Enterprise Linux to receive event logs
    • Access events with Amazon SNS
      • Set up Amazon SNS
      • SNS configuration in JSON format
      • Events in JSON format
    • Configure alerts
    • Generate reports about alerts and other activity
    • Lists of events and alerts
      • Predefined alerts
      • Agent events
      • System events
      • Application Control events
      • Anti-Malware events
      • Firewall events
      • Intrusion Prevention events
      • Integrity Monitoring events
      • Log Inspection events
      • Web Reputation events
    • Troubleshoot common events, alerts, and errors
      • Why am I seeing firewall events when the firewall module is off?
      • Troubleshoot event ID 771 "Contact by Unrecognized Client"
      • Troubleshoot "Smart Protection Server disconnected" errors
      • Activation Failed
      • Agent version not supported
      • Anti-Malware Engine Offline
      • Check Status Failed
      • Installation of Feature 'dpi' failed
      • Intrusion Prevention Rule Compilation Failed
      • Log Inspection Rules Require Log Files
      • Module installation failed (Linux)
      • There are one or more application type conflicts on this computer
      • Unable to connect to the cloud account
      • Unable to resolve instance hostname
      • Integrity Monitoring information collection has been delayed
      • Max TCP connections
      • Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
      • Insufficient disk space
      • Reconnaissance Detected
  • Configure proxies
    • Configure proxies
    • Proxy settings
  • Configure relays
    • How relays work
    • Deploy additional relays
    • Remove relay functionality
  • Manage agents (protected computers)
    • Computer and agent statuses
    • Configure agent version control
    • Configure teamed NICs
    • Communication between Workload Security and the agent
    • Configure agents that have no internet access
    • Activate and protect agents using agent-initiated activation and communication
    • Automatically upgrade agents on activation
    • Using Deep Security Agent with iptables
    • Enable Managed Detection and Response
    • Enable or disable agent self-protection
    • Are "Offline" agents still protected by Workload Security?
    • Automate offline computer removal with inactive agent cleanup
    • Agent settings
    • Linux Secure Boot support for agents
    • Workload Security Notifier
  • Manage users
    • Add and manage users
    • Define roles for users
    • Add users who can only receive reports
    • Unlock a locked out user name
    • Implement SAML single sign-on (SSO)
      • About SAML single sign-on (SSO)
      • Configure SAML single sign-on
      • Configure SAML single sign-on with Azure Active Directory
  • Manage your billing account
    • Check your billing and usage
    • Change your billing method
    • Change your subscription account
    • Change your credit card information
    • Cancel your account
  • Navigate and customize the Workload Security console
    • Customize the dashboard
    • Group computers dynamically with smart folders
    • Customize advanced system settings
  • Harden Workload Security
    • About Workload Security hardening
    • Enforce user password rules
    • Set up multi-factor authentication
    • Manage trusted certificates
    • SSL implementation and credential provisioning
    • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro
  • Upgrade Workload Security
    • About upgrades
    • Apply security updates
    • Disable emails for New Pattern Update alerts
    • Use a web server to distribute software updates
    • Upgrade the relay
    • Upgrade the agent
  • Uninstall the Deep Security Agent
Integrations
  • Integrate with AWS PrivateLink
  • Integrate with AWS Control Tower
  • Integrate with AWS Systems Manager Distributor
    • Create Parameters
    • Integrate with AWS Systems Manager Distributor
    • Protect your computers
  • Integrate with Apex Central
  • Integrate with Smart Protection Server
  • Integrate with XDR
FAQs
  • Am I protected during an outage?
  • How are features released in Workload Security?
  • Why does my Windows machine lose network connectivity when I turn on protection?
  • How does agent protection work for Solaris zones?
  • How do I protect Azure Government instances?
  • How does the agent use the Amazon Instance Metadata Service?
  • How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment?
  • Why can I not add my Azure server using the Azure cloud connector?
  • Why can I not view all of the VMs in an Azure subscription in Workload Security?
Troubleshooting
  • Offline agent
  • High CPU usage
  • Diagnose problems with agent deployment (Windows)
  • Anti-Malware Windows platform update failed
  • Security update connectivity
  • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
  • Issues adding your AWS account to Workload Security
  • Create a diagnostic package and logs
  • Removal of older software versions
  • Troubleshoot SELinux alerts
Trust and compliance information
  • About compliance
  • Agent package integrity check
    • Troubleshoot
  • Workload Security Trust Center
  • Meet PCI DSS requirements with Workload Security
  • GDPR
  • Set up AWS Config Rules
  • Bypass vulnerability management scan traffic in Workload Security
  • Use TLS 1.2 with Workload Security
  • Privacy and personal data collection disclosure
Release notes and scheduled maintenance
  • Scheduled maintenance
  • What's new in Workload Security
  • API changelog
Topics on this page

Run the code examples

The code examples in the Workload Security automation guides are available from the Workload Security SDK Samples GitHub repository. See the repository readme for instructions about how to obtain and run the samples.

Previous
SDK version compatibility
Next
Index of code examples
Privacy Browser Requirements
© 2020 Trend Micro Incorporated. All rights reserved.