Data Loss Prevention

Hi all,

First post here - our organization upgraded to 15.7 a few months back. 
With 15.7, SOAP API Incident reporting/details has been deprecated as they moved to fully support rest. (REF: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f6319a99-6c61-4d58-8554-f8cbdd380e4d&CommunityKey=65cf8c43-bb97-4e96-ae0b-0db8ba1b4d07&tab=librarydocuments#:~:text=The%20Incident%20Reporting%20and%20Update%20SOAP%20APIs%20are%20deprecated%20in,DLP%2015.7%20REST%20API%20documentation.&text=The%20SOAP%2Dbased%20version%20of,Incident%20Data%20Views%20are%20deprecated.)

The documentation for non Dev-related REST API is quite sparse. 

i attempted to use basic authentication per the 15.7 Documentation and keep encountering error 401... I double checked my superadmin account has the API roles and all other permissions specified by the Doc.

"The APIs exposed by Symantec Data Loss Prevention (DLP) carry authentication and other classified data. To ensure security and confidentiality of the data, the Incident Reporting API service authenticates each client request using the HTTP basic authentication scheme" - https://apidocs.symantec.com/home/DLP15.7#_uri_scheme


Has anyone had luck with authenticating and using the REST Incident Details API?
I am trying to pull granular incident details not exportable in bulk for external reporting

Thank you,
Jared

Could you try another endpoint:
incidents/statuses
Do you get the same issue?

Alex,

Have you been able to get the query for incident details to work? I can get it to work for the statuses but nothing else so far.

Thanks!

------------------------------
OSU
------------------------------

Original Message:
Sent: 06-25-2020 02:52 AM
From: Alex Hedley
Subject: 15.7 REST API - Incident Details (get) 401 error

Could you try another endpoint:
incidents/statuses
Do you get the same issue?

------------------------------
Alex Hedley | Senior Developer | Protirus

Original Message:
Sent: 06-24-2020 10:20 PM
From: Jared Nealeigh
Subject: 15.7 REST API - Incident Details (get) 401 error

Hi all,

First post here - our organization upgraded to 15.7 a few months back.
With 15.7, SOAP API Incident reporting/details has been deprecated as they moved to fully support rest. (REF: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f6319a99-6c61-4d58-8554-f8cbdd380e4d&CommunityKey=65cf8c43-bb97-4e96-ae0b-0db8ba1b4d07&tab=librarydocuments#:~:text=The%20Incident%20Reporting%20and%20Update%20SOAP%20APIs%20are%20deprecated%20in,DLP%2015.7%20REST%20API%20documentation.&text=The%20SOAP%2Dbased%20version%20of,Incident%20Data%20Views%20are%20deprecated.)

The documentation for non Dev-related REST API is quite sparse.

i attempted to use basic authentication per the 15.7 Documentation and keep encountering error 401... I double checked my superadmin account has the API roles and all other permissions specified by the Doc.

"The APIs exposed by Symantec Data Loss Prevention (DLP) carry authentication and other classified data. To ensure security and confidentiality of the data, the Incident Reporting API service authenticates each client request using the HTTP basic authentication scheme" - https://apidocs.symantec.com/home/DLP15.7#_uri_scheme

Has anyone had luck with authenticating and using the REST Incident Details API?
I am trying to pull granular incident details not exportable in bulk for external reporting

Thank you,
Jared

Hi Alex,

Yes I am still encountering the same error as before. Any other ideas?


Original Message:
Sent: 06-25-2020 02:52 AM
From: Alex Hedley
Subject: 15.7 REST API - Incident Details (get) 401 error

Could you try another endpoint:
incidents/statuses
Do you get the same issue?

------------------------------
Alex Hedley | Senior Developer | Protirus

Original Message:
Sent: 06-24-2020 10:20 PM
From: Jared Nealeigh
Subject: 15.7 REST API - Incident Details (get) 401 error

Hi all,

First post here - our organization upgraded to 15.7 a few months back.
With 15.7, SOAP API Incident reporting/details has been deprecated as they moved to fully support rest. (REF: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f6319a99-6c61-4d58-8554-f8cbdd380e4d&CommunityKey=65cf8c43-bb97-4e96-ae0b-0db8ba1b4d07&tab=librarydocuments#:~:text=The%20Incident%20Reporting%20and%20Update%20SOAP%20APIs%20are%20deprecated%20in,DLP%2015.7%20REST%20API%20documentation.&text=The%20SOAP%2Dbased%20version%20of,Incident%20Data%20Views%20are%20deprecated.)

The documentation for non Dev-related REST API is quite sparse.

i attempted to use basic authentication per the 15.7 Documentation and keep encountering error 401... I double checked my superadmin account has the API roles and all other permissions specified by the Doc.

"The APIs exposed by Symantec Data Loss Prevention (DLP) carry authentication and other classified data. To ensure security and confidentiality of the data, the Incident Reporting API service authenticates each client request using the HTTP basic authentication scheme" - https://apidocs.symantec.com/home/DLP15.7#_uri_scheme

Has anyone had luck with authenticating and using the REST Incident Details API?
I am trying to pull granular incident details not exportable in bulk for external reporting

Thank you,
Jared

Hi,

As i could not found this information elsewhere i share it here.

The select and filter objects seems to be mandatory in the query.

The filter part is the most tricky but with an example and the documentation it should be possible to build more complex filters.

SoapUI:

Raw request:

------------------------------
Security Architect
DPS
------------------------------

Original Message:
Sent: 06-25-2020 04:32 PM
From: Jared Nealeigh
Subject: 15.7 REST API - Incident Details (get) 401 error

Hi Alex,

Yes I am still encountering the same error as before. Any other ideas?

Original Message:
Sent: 06-25-2020 02:52 AM
From: Alex Hedley
Subject: 15.7 REST API - Incident Details (get) 401 error

Could you try another endpoint:
incidents/statuses
Do you get the same issue?

------------------------------
Alex Hedley | Senior Developer | Protirus

Original Message:
Sent: 06-24-2020 10:20 PM
From: Jared Nealeigh
Subject: 15.7 REST API - Incident Details (get) 401 error

Hi all,

First post here - our organization upgraded to 15.7 a few months back.
With 15.7, SOAP API Incident reporting/details has been deprecated as they moved to fully support rest. (REF: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=f6319a99-6c61-4d58-8554-f8cbdd380e4d&CommunityKey=65cf8c43-bb97-4e96-ae0b-0db8ba1b4d07&tab=librarydocuments#:~:text=The%20Incident%20Reporting%20and%20Update%20SOAP%20APIs%20are%20deprecated%20in,DLP%2015.7%20REST%20API%20documentation.&text=The%20SOAP%2Dbased%20version%20of,Incident%20Data%20Views%20are%20deprecated.)

The documentation for non Dev-related REST API is quite sparse.

i attempted to use basic authentication per the 15.7 Documentation and keep encountering error 401... I double checked my superadmin account has the API roles and all other permissions specified by the Doc.

"The APIs exposed by Symantec Data Loss Prevention (DLP) carry authentication and other classified data. To ensure security and confidentiality of the data, the Incident Reporting API service authenticates each client request using the HTTP basic authentication scheme" - https://apidocs.symantec.com/home/DLP15.7#_uri_scheme

Has anyone had luck with authenticating and using the REST Incident Details API?
I am trying to pull granular incident details not exportable in bulk for external reporting

Thank you,
Jared