Examples for DLP Core APIs introduced in DLP 16.0: Managing Sender/Recipient Patterns.

For the purposes of these examples we will be using json format that is accepted by Postman.

For the purposes of testing with Postman, you must do the following:

1. On the 'Authentication' tab, enter appropriate credentials for an API user with appropriate DLP access.
2. On the 'Headers' tab you must add a key for 'ContentType' with a value of 'JSON'
3. The examples below will be placed into the 'Body' Tab. 

Use the Sender/Recipient Patterns Management APIs to manage the sender/recipient patterns. Perform the following tasks with the Sender/Recipient Patterns Management APIs:

1. Create a sender/recipient pattern for use in DLP policies.

Example:

Request:
POST https://localhost/ProtectManager/webservices/v2/senderRecipientPattern
{
 "name": "sender pattern 25",
 "description": "sender desc 25",
 "ruleType": 4,
  "userPatterns": [
   "[email protected]",
   "JaneDoe",
   "JohnDoe"
     ],
  "ipAddresses": [
   "192.2.0.1",
   "2001:db8:3:4:5:6:7:8"
]
}

Response:
Status: 201 Created
{
 "id": 18,
 "name": "sender pattern 25",
 "description": "sender desc 25",
 "ruleType": 4,
 "modifiedDate": "04/06/22 08:40 PM",
 "modifiedBy": {
 "id": 1,
 "name": "Administrator"
 },
  "userPatterns": [
   "[email protected]",
   "JaneDoe",
   "JohnDoe"
 ],
  "ipAddresses": [
   "192.2.0.1",
   "2001:db8:3:4:5:6:7:8"

2. List details for a specified sender/recipient pattern.

Request:
GET https://localhost/ProtectManager/webservices/v2/senderRecipientPattern/1

Response:
Status: 200 OK
{
 "id": 18,
 "name": "sender pattern 25",
 "description": "sender desc updated",
 "ruleType": 4,
 "modifiedDate": "04/06/22 08:44 PM",
 "modifiedBy": {
 "id": 1,
 "name": "Administrator"
 },
  "userPatterns": [
   "[email protected]",
   "JohnDoe"
 ],
  "ipAddresses": [
   "192.2.0.1",
   "2001:db8:3:4:5:6:7:8",
   "2001:db8:e808:3:*:*:*:*"
]
}

3. Update condition parameters for a specified sender/recipient pattern.

Request:
PUT https://localhost/ProtectManager/webservices/v2/senderRecipientPattern/18
{
 "name": "sender pattern 25",
 "description": "sender desc updated",
 "ruleType": 4,
 "userPatterns": [
  "[email protected]",
  "JohnDoe"
 ],
 "ipAddresses": [
  "192.2.0.1",
  "2001:db8:3:4:5:6:7:8",
  "2001:db8:e808:3:*:*:*:*"
]
}

Response: 
Status: 200 OK
{
 "id": 18,
 "name": "sender pattern 25",
 "description": "sender desc updated",
 "ruleType": 4,
 "modifiedDate": "04/06/22 08:44 PM",
 "modifiedBy": {
  "id": 1,
  "name": "Administrator"
},
 "userPatterns": [
  "[email protected]",
  "JohnDoe"
],
 "ipAddresses": [
  "192.2.0.1",
  "2001:db8:3:4:5:6:7:8",
  "2001:db8:e808:3:*:*:*:*"
]
}

4. Delete a sender/recipient pattern.

Request:
DELETE https://localhost/ProtectManager/webservices/v2/senderRecipientPattern/1

Response:
Status: 200 OK
"Sender/Recipient pattern deleted successfully."

*Note this will break your policies as of DLP 16.0.206 since it allows you to delete the pattern but does not remove it from your polices. If you want to use this function remove all references to this pattern from all the policies. 

5. List all policies that use a specified sender/recipient pattern.

Request:
GET https://localhost/ProtectManager/webservices/v2/senderRecipientPattern/1/policies

Response:
Status: 200 OK
[
 {
  "id": 1,
  "name": "secret rule"
 },
 {
  "id": 2,
  "name": "sender pattern policy"
}
]

A full list of API commands can be found here:

Data Loss Prevention (DLP) Sender Recipient Pattern Management API (symantec.com)