Get the asset's policy variable

Maybe I am blind, but I do not see a way to get the asset’s policy from the platform script variables?

no way to do it. technically Assets don’t have policies anymore. The policies are applied to a folder tree and the folder tree cascades down to the asset and makes a composite policy.

There are some parts of the platform where you can do stuff based off of the name of the folder an asset is in. You could check to see if there is a platform var for the folder name

1 Like

Ok so I wasnt blind then. Yea I know… I guess I will have to find some type of API call then to track down the Asset composite policy. Just seems strange they have it in other parts of the website and yet not here.

For example, Automated Remediation calls it “Policy Folder Name”

1 Like

What are you trying to accomplish? I don’t think they have anything for policy folders or listing the composite policy in the API either. I’m pretty sure the only way to find it is using the web interface, so you’d have to reverse engineer the calls made in your browser.

1 Like

I tried doing so from the asset and couldn’t find policy info in registry or even log files. Resorted to a custom field filled out via script based on criteria I could determine from the asset. Would need to be tweaked for your specific setup/tools, if it would even work in your case:

Import-Module $env:SyncroModule -WarningAction SilentlyContinue

$dnsf = Get-Service "DNS Agent" -ErrorAction SilentlyContinue
$bd = Get-Service "Bitdefender Endpoint Protected Service" -ErrorAction SilentlyContinue

if ($dnsf -and $bd) {
    Write-Output "DNSFilter & Bitdefender found, setting to Managed Security"
    Set-Asset-Field -Name "Plan" -Value "Managed Security"
}
if (-not $dnsf -and $bd) {
    Write-Output "Only Bitdefender found, setting to AV Only"
	Set-Asset-Field -Name "Plan" -Value "AV Only"
}
if (-not $dnsf -and $bd -and (get-CimInstance CIM_OperatingSystem).caption -like '*Server*') {
    Write-Output "Only Bitdefender found, but server OS, setting to Managed Security"
    Set-Asset-Field -Name "Plan" -Value "Managed Security"
}
1 Like

Yo thanks! I will look over it. Yea I wish they had something like this expose at the script level.

As for why I want this - its so I dont have to make everything in doubles - double up keep in different policies for how things should function or be kept up. Its a more recent change, so I understand, but Syncro if you are reading, I would like this in the future please:)

Not sure what you mean by everything in doubles. The new system should reduce your need for ‘nearly the same but not quite’ duplicated policies. I’ll agree it’s way more annoying to actually implement than it should be due to lack of policy/folder templating or batch applying. If they’d have done dynamically assigned policies based on criteria it would have been so much better/easier.

1 Like

Can you please elaborate on what you are referring to here? I am trying to understand the need to reference policies via script variables, along with how not having it makes you do things in doubles.