Freely subscribe to our NEWSLETTER

Power Rules is a business rules engine that enables customers to more easily configure Defendpoint to their unique business requirements as well as integrate Defendpoint into other systems.

Whitelisting and blacklisting rules are generally straightforward to develop and enforce, but applications where there is only limited information available can introduce risk into an environment if not properly vetted prior to allowing the application’s use.

Based on PowerShell, organizations can simply write a script and embed it in the policy itself. For example, Power Rules can trigger a service desk workflow to automatically submit a ticket, call out to a third-party to check the hash, or interface with a vulnerability management system to check for CVEs on the application.

Power Rules for ServiceNow

With the latest version of Defendpoint, IT administrators can achieve the following:

• Automatically raise an incident in ServiceNow: When a user runs an application that is targeted with the ServiceNow Rule Script, the user is presented with the option to raise an incident in ServiceNow or cancel the request. The ServiceNow ticket includes a description of the business justification, the program name, program publisher, program path, challenge code, and the business justification the end-user provided.

• Simplify responses: Administrators can take action on the incident in ServiceNow and supply the end-user with a response code. The end-user can then use the response code to ’unlock’ the application, allowing it to run. Any application that matches the rule will then trigger the ServiceNow workflow.

Defendpoint 5.3 with Power Rules is available now.