Hi,
As i could not found this information elsewhere i share it here.
The select and filter objects seems to be mandatory in the query.
The filter part is the most tricky but with an example and the documentation it should be possible to build more complex filters.
SoapUI:
Raw request:
POST https://hostname/ProtectManager/webservices/v2/incidents/ HTTP/1.1
Accept-Encoding: gzip,deflate
Encoding: UTF-8
Content-Type: application/json
Content-Length: 184
Host: hostname
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.5 (Java/12.0.1)
Authorization: Basic redacted=
{
"limit":10,
"select":[ {"name":"incidentId"},{"name":"policyId"} ],
"filter":{"filterType":"int","operandOne":{"name":"incidentID"},"operandTwoValues":[4253],"operator":"EQ"}
}
Best regard,
Elric
------------------------------
Security Architect
DPS
------------------------------
Original Message:
Sent: 06-25-2020 04:32 PM
From: Jared Nealeigh
Subject: 15.7 REST API - Incident Details (get) 401 error
Hi Alex,
Yes I am still encountering the same error as before. Any other ideas?
Original Message:
Sent: 06-25-2020 02:52 AM
From: Alex Hedley
Subject: 15.7 REST API - Incident Details (get) 401 error
Could you try another endpoint:
incidents/statuses
Do you get the same issue?
------------------------------
Alex Hedley | Senior Developer | Protirus
Original Message:
Sent: 06-24-2020 10:20 PM
From: Jared Nealeigh
Subject: 15.7 REST API - Incident Details (get) 401 error
Hi all,
First post here - our organization upgraded to 15.7 a few months back.
With 15.7, SOAP API Incident reporting/details has been deprecated as they moved to fully support rest. (REF: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f6319a99-6c61-4d58-8554-f8cbdd380e4d&CommunityKey=65cf8c43-bb97-4e96-ae0b-0db8ba1b4d07&tab=librarydocuments#:~:text=The%20Incident%20Reporting%20and%20Update%20SOAP%20APIs%20are%20deprecated%20in,DLP%2015.7%20REST%20API%20documentation.&text=The%20SOAP%2Dbased%20version%20of,Incident%20Data%20Views%20are%20deprecated.)
The documentation for non Dev-related REST API is quite sparse.
i attempted to use basic authentication per the 15.7 Documentation and keep encountering error 401... I double checked my superadmin account has the API roles and all other permissions specified by the Doc.
"The APIs exposed by Symantec Data Loss Prevention (DLP) carry authentication and other classified data. To ensure security and confidentiality of the data, the Incident Reporting API service authenticates each client request using the HTTP basic authentication scheme" - https://apidocs.symantec.com/home/DLP15.7#_uri_scheme
Has anyone had luck with authenticating and using the REST Incident Details API?
I am trying to pull granular incident details not exportable in bulk for external reporting
Thank you,
Jared