cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
285
Views
0
Helpful
3
Replies

Attach policy or blocklist to computer using the API

m2oswald
Level 1
Level 1

My organization uses Cisco Secure Endpoint, and I want to block an app on a specific computer.  I can add the file hash for the executable to an App Blocklist, add that blocklist to a Policy, add the policy to a Group, then move the computer to that group.  But I don't want to move the computer to a different group, I'd like it to stay in it's current group.  But I also don't want to add the policy to it's existing group because there are other computers in the group and I don't want to block the app on everything.  Is there a way to add a policy or blocklist to a specific computer?  We want to automate the process so I need to use an API endpoint.

I've looked through the API docs but can't find anything.  And I can't do it through the Secure Endpoint portal either, so maybe it's not even possible.  Does anyone have any advice?

Michael

1 Accepted Solution

Accepted Solutions

Matthew Franks
Cisco Employee
Cisco Employee

Each group has a specific policy per operating system, so you can't apply a different policy to an endpoint while keeping it in the same group. To do what you're looking for, you would need two separate groups. One where the application is allowed in the endpoint policy, and another where it is blocked. Not what you were looking for, but hopefully it helped clarify things.

Thanks,

Matt

View solution in original post

3 Replies 3

Matthew Franks
Cisco Employee
Cisco Employee

Each group has a specific policy per operating system, so you can't apply a different policy to an endpoint while keeping it in the same group. To do what you're looking for, you would need two separate groups. One where the application is allowed in the endpoint policy, and another where it is blocked. Not what you were looking for, but hopefully it helped clarify things.

Thanks,

Matt

No.

The smallest unit to put a policy on is a group.
It can be a sub-group. You can't apply to a single machine.

m2oswald
Level 1
Level 1

Thank you both for your help.  I kind of figured that, but was hoping there was a way around it.  Shame that Secure Endpoint doesn't merge policies in child groups...