Incident Reporting and Update RESTful API query samples

Article ID: 215336

Products

Data Loss Prevention, Data Loss Prevention Enforce

Issue/Introduction

You are looking for Incident Reporting and Update RESTful API query samples.

Environment

These samples are valid for DLP 15.7 - 15.8 MP1

Resolution

This information is provided as a demonstration of a few of the available methods in the Incident REST API. Adapting these examples into a REST client is up to the end-user. Assistance with developing a REST client is only provided by professional services, not support.

Getting Started

  1. Create a role and user for API access.
  2. Become familiar with the methods and attributes provided by the API.
    Introducing the Enforce Server APIs

Getting Ready to Test Queries

  1. Install a REST API test extension into your Edge or Chrome browser
    1. These examples use the Talend API Tester Free Edition extension.
    2. These examples assume you're using a browser on the Enforce Server itself, hence the server portion of the URLs is always "localhost"; adjust this as necessary for your environment.
  2. Open the API Tester extension
  3. Click Add Project and name it "Incidents"

Adding a Note to an Incident

  1. Click Add Scenario, name the default request "Add Note" and click "Open Request"
  2. Add a basic Authorization Header with the appropriate user name and password
  3. Set the Method to PATCH and the scheme to "https://localhost/ProtectManager/webservices/v2/incidents"
  4. Set the request body to the following, replacing the incidentIds with the appropriate incident id that you want to test with. This example is using incident id 64 for demonstration purposes only:
    {
      "requestId":"Talend",
      "incidentIds":[
         64
        ],
      "incidentNotes":[
         {
            "note":"Hello World" 
         }
        ]
    }
  5. Click the blue Send button
  6. The full setup and response should look something like the following:
  7. Navigating to the incident you updated, in the demo case incident 64, the notes tab should show "Hello World" similar to the below:

Retrieving a list of Incidents

  1. Change the method to POST
  2. Set the request body to the following:
    {
      "select": [
        {"name": "incidentId"},
        {"name": "creationDate"},
        {"name": "matchCount"},
        {"name": "messageSubject"}
      ],
      "orderby": [
        {
          "field": {"name": "messageDate"},
          "order": "DESC"
        }
      ],
      "limit": 2
    }
  3. Click the blue send button. You should see a response similar to the following:

Viewing Static Incident Attributes

  1. Change the method to GET
  2. Change the URL to https://localhost/ProtectManager/webservices/v2/incidents/<incidentId>/staticAttributes
  3. You should get a response similar to the following:

Updating an Incident Status to Resolved

  1. In the Talend API Tester
    1. Set the method to GET
    2. Set the URL to https://localhost/ProtectManager/webservices/v2/incidents/statuses
    3. Click the blue send button
    4. Notice the following statuses are returned in the response body (there may be others):
      [{"name":"incident.status.New","id":1},{"name":"Escalated","id":22},{"name":"Investigation","id":24},{"name":"Resolved","id":21},{"name":"Dismissed","id":23}]
    5. Note that Resolved in this case is 21
  2. Next
    1. Set the method to PATCH
    2. Set the URL to https://localhost/ProtectManager/webservices/v2/incidents/
    3. Set the request body to the following (change the incident id list as appropriate):
      {
        "requestId":"Talend",
        "incidentIds":[
           64
          ],
        "incidentStatusId": 21
      }
    4. Click the blue send button
    5. Navigating to the incident snapshot in the Enforce console, notice that the Status is now set to Resolved, as shown below:
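
The two-step status update above, scripted so that the status ID is looked up by name rather than hardcoded, since the IDs are specific to each deployment. This is an added example, not code from the article or from the vendor; the function names, the "script" request ID, the ca_file parameter and the placeholder credentials are assumptions, and the status list is the sample response shown above.

```python
import base64
import json
import ssl
import urllib.request

# URL from the article; "localhost" assumes the script runs on the Enforce Server.
INCIDENTS_URL = "https://localhost/ProtectManager/webservices/v2/incidents"

# Status list copied from the article's sample response; IDs differ per deployment.
SAMPLE_STATUSES = json.loads(
    '[{"name":"incident.status.New","id":1},{"name":"Escalated","id":22},'
    '{"name":"Investigation","id":24},{"name":"Resolved","id":21},'
    '{"name":"Dismissed","id":23}]'
)

def status_id(statuses, name):
    """Look up a status ID by exact name; refuse missing or ambiguous names."""
    ids = [s["id"] for s in statuses if s["name"] == name]
    if len(ids) != 1:
        raise LookupError(f"expected one status named {name!r}, found {len(ids)}")
    return ids[0]

def status_update_body(incident_ids, new_status_id, request_id="script"):
    """Build the PATCH body; reject empty or non-integer incident ID lists."""
    ids = list(incident_ids)
    if not ids or not all(type(i) is int and i > 0 for i in ids):
        raise ValueError("incident_ids must be a non-empty list of positive integers")
    return {"requestId": request_id, "incidentIds": ids, "incidentStatusId": new_status_id}

def api_request(method, url, user, password, body=None):
    """Prepare a request with a Basic Authorization header and optional JSON body."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    data = None if body is None else json.dumps(body).encode()
    return urllib.request.Request(url, data=data, headers=headers, method=method)

def send(request, ca_file):
    """Send over TLS, verifying the Enforce certificate against ca_file."""
    context = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=context) as response:
        return json.loads(response.read() or b"null")

if __name__ == "__main__":
    # Offline demo: nothing is sent. On a live server, fetch the list first with
    # send(api_request("GET", INCIDENTS_URL + "/statuses", user, password), ca_file).
    body = status_update_body([64], status_id(SAMPLE_STATUSES, "Resolved"))
    patch = api_request("PATCH", INCIDENTS_URL, "api_user", "placeholder", body)
    print(patch.get_method(), patch.full_url, patch.data.decode())
```

Read the API user's password from a secret store or environment variable at run time rather than embedding it in the script, and point ca_file at the certificate chain that signed the Enforce Server certificate.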

Additional Information

See also: Introducing the Enforce Server APIs