Symantec Dlp

symantec dlp is a data protection solution that helps organizations prevent data breaches and ensure compliance symantec data loss prevention (dlp) is a comprehensive solution designed to protect sensitive data from unauthorized access and breaches the symantec dlp connector for swimlane turbine enables seamless integration with symantec's robust data protection capabilities, allowing users to automate incident response and policy management by leveraging this integration, swimlane turbine users can efficiently manage incidents, retrieve detailed incident data, and update policies, enhancing their security operations and reducing response times limitations none to date supported versions this connector uses version 16 1 symantec dlp additional docs authentication https //apidocs securitycloud symantec com/#/doc?id=introductionapi documentation https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails configuration prerequisites before you can use the symantec dlp connector for turbine, you'll need access to the symantec dlp api this requires the following http basic authentication using the following parameters url the endpoint url for accessing the symantec dlp api username your symantec dlp account username password the password associated with your symantec dlp account authentication methods basic authentication url the base endpoint for the symantec dlp api username your symantec dlp account username password your symantec dlp account password capabilities this symantec dlp connector provides the following capabilities get all component matches get component data get editable incident details get form image get incident components get incident correlations get incident history get incident message body get incident original message get policy matches get static incident details list incidents in csv list incidents in json list summary of incidents in csv list summary of incidents in json and so on get all component matches retrieves all the matches of the components for an incident ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get component data retrieves the data of a specified incident component based on the component id ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get editable incident details retrieves editable attributes of the specified incident the api only returns the attributes that the user has permissions to read ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get form image retrieves the form image from the database or an external disk based on the message id and violation id ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get incident components retrieves a list of all incident components the list contains the id, name and mime type of the components ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get incident correlations retrieves the correlations of the specified incident ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get incident history retrieves the history and notes of the specified incident ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get incident message body retrieves the message body of the specified incident the message body is available for download if required permissions are satisfied ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get incident original message retrieves the original message of the specified incident the original message is available for download if required permissions are satisfied ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get policy matches retrieves information of the other violated policies for the specified incident ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) get static incident details retrieves static attributes of the specified incident only returns the attributes that the user has permissions to read ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) list incidents in csv retrieves multiple incidents in csv format using a single api call click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentlists\&endpoint=post %2fprotectmanager%2fwebservices%2fv2%2fincidents%2fcsv list incidents in json generates a list of json formatted incidents based on specified criteria click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentlists\&endpoint=post %2fprotectmanager%2fwebservices%2fv2%2fincidents list summary of incidents in csv retrieves a summary of incidents in csv format using a single api call click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentlists\&endpoint=post %2fprotectmanager%2fwebservices%2fv2%2fincidents%2fsummary%2fcsv list summary of incidents in json retrieves a summary of incidents using a single api call click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentlists\&endpoint=post %2fprotectmanager%2fwebservices%2fv2%2fincidents%2fsummary update a policy enables or disables policies specified by the policy id ( click here https //apidocs securitycloud symantec com/#/doc?id=16 1 incidentdetails ) configurations symantec dlp http basic authentication authenticates using username and password configuration parameters parameter description type required url a url to the target host string required username username string required password password string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions get all component matches retrieve all component matches for a specified incident id in symantec dlp endpoint url /protectmanager/webservices/v2/incidents/{{id}}/components/matches method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" \[{"messagecomponentid" 42,"messagecomponentname" "body","mimetype" "text/plain","originalsize" 200,"messagecomponenttypename" "body","iscomponentavailable"\ false},{"messagecomponentid" 43,"messagecomponentname" "secretfile doc","mimetype" "application/msword","originalsize" 134753,"messagecomponenttypename" "attachment","iscomponentavailable"\ true}]} get component data retrieve incident component data from symantec dlp using a specific component id provided in the path parameters endpoint url /protectmanager/webservices/v2/incidents/{{id}}/components/{{componentid}} method get input argument name type required description path parameters id number required the incident id path parameters componentid number required the message component id input example {"path parameters" {"id" 1,"componentid" 2}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file string output field file file file file name string name of the resource output example {"file" {"file" "string","file name" "example name"}} get editable incident details retrieve editable attributes of a specified incident in symantec dlp, including user permissions verification requires the incident id as a path parameter endpoint url /protectmanager/webservices/v2/incidents/{{id}}/history method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase incidentid number unique identifier infomap object output field infomap infomap preventorprotectstatusid number unique identifier infomap incidentstatusname string unique identifier infomap ishidingnotallowed boolean unique identifier infomap severityid number unique identifier infomap incidentstatusid number unique identifier infomap ishidden boolean unique identifier customattributegroups array output field customattributegroups customattributegroups name string name of the resource customattributegroups customattributes array output field customattributegroups customattributes customattributegroups customattributes name string name of the resource customattributegroups customattributes index number output field customattributegroups customattributes index customattributegroups customattributes displayorder number output field customattributegroups customattributes displayorder customattributegroups customattributes email boolean output field customattributegroups customattributes email customattributegroups nameinternationalized boolean name of the resource output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"incidentid" 1,"infomap" {"preventorprotectstatusid" 0,"incidentstatusname" "incident status new","ishidingnotallowed"\ false,"severityid" 1,"incidentstatusid" 1,"ishidden"\ false},"customattributegroups" \[{}]}} get form image retrieve the form image for a specified message and violation id from symantec dlp using path parameters id, messageid, and violationid endpoint url /protectmanager/webservices/v2/incidents/{{id}}/message/{{messageid}}/violation/{{violationid}}/image method get input argument name type required description path parameters id number required the incident id path parameters messageid number required the message id path parameters violationid number required the violation condition id input example {"path parameters" {"id" 1,"messageid" 2,"violationid" 3}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file string output field file file file file name string name of the resource output example {"file" {"file" "string","file name" "example name"}} get incident components retrieve all components of a symantec dlp incident, including id, name, and mime type, using the specified incident id endpoint url /protectmanager/webservices/v2/incidents/{{id}}/components method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" \[{"messagecomponentid" 42,"messagecomponentname" "body","mimetype" "text/plain","originalsize" 200,"messagecomponenttypename" "body","iscomponentavailable"\ false},{"messagecomponentid" 43,"messagecomponentname" "secretfile doc","mimetype" "application/msword","originalsize" 134753,"messagecomponenttypename" "attachment","iscomponentavailable"\ true}]} get incident correlations retrieve correlations for a specified incident in symantec dlp using the unique identifier provided endpoint url /protectmanager/webservices/v2/incidents/{{id}}/correlations method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" \[{"variable" "incident sender","label" "sender","correlationvalues" \[{"value" "janedoe\@gmail com","countsevendays" 0,"countthirtydays" 0,"countalldays" 24}]},{"variable" "incident recipient","label" "recipient","correlationvalues" \[{"value" "bobdoe\@gmail com","countsevendays" 0,"countthirtydays" 0,"countalldays" 24}]},{"variable" "incident message subject","label" "subject","correlationvalues" \[{"value" "secret","countsevendays" get incident history retrieve the history and notes for a specified incident in symantec dlp using the provided incident id endpoint url /protectmanager/webservices/v2/incidents/{{id}}/history method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" \[{"incidenthistorydate" "2022 08 26t15 17 37 369","dlpusername" "administrator","incidenthistoryaction" "set status","incidenthistorydetail" "new","policygroupid" 1,"detectionservername" "vontu monitor one","incidentid" 1,"messagesource" "network","messagedate" "2017 07 27t16 08 09","incidenthistoryactionstring" "status changed"},{"incidenthistorydate" "2022 08 26t15 17 23 19","dlpusername" "administrator","incidenthistoryaction" get incident message body retrieve the message body of a specified incident from symantec dlp using an 'id' path parameter endpoint url /protectmanager/webservices/v2/incidents/{{id}}/messagebody method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file string output field file file file file name string name of the resource output example {"file" {"file" "string","file name" "example name"}} get incident original message retrieve the original message of a specified incident in symantec dlp using the incident id endpoint url /protectmanager/webservices/v2/incidents/{{id}}/originalmessage method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file string output field file file file file name string name of the resource output example {"file" {"file" "string","file name" "example name"}} get policy matches retrieve detailed policy violation information for a given incident id in symantec dlp endpoint url /protectmanager/webservices/v2/incidents/{{id}}/policymatches method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase violatedrules array output field violatedrules violatedrules rulename string name of the resource violatedrules ruletypei18nkey string type of the resource violatedrules matches number output field violatedrules matches policyname string name of the resource otherpoliciesviolated array output field otherpoliciesviolated otherpoliciesviolated policyid number unique identifier otherpoliciesviolated incidentid number unique identifier otherpoliciesviolated policyname string name of the resource otherpoliciesviolated preventorprotectstatusid number unique identifier matches number output field matches output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"violatedrules" \[{}],"policyname" "symantec","otherpoliciesviolated" \[{"policyid" 28476,"incidentid" 2147525031,"policyname" "blockbatnewdlpkeywords","preventorprotectstatusid" 0},{"policyid" 28314,"incidentid" 2147525029,"policyname" "ep block","preventorprotectstatusid" 0},{"policyid" 28355,"incidentid" 2147525030,"policyname" "qurantine edar policy","preventorprotectstatusid" 0}],"matches" 3}} get static incident details retrieve static attributes for a specified incident in symantec dlp, ensuring compliance with user permissions requires the incident id as a path parameter endpoint url /protectmanager/webservices/v2/incidents/{{id}}/staticattributes method get input argument name type required description path parameters id number required the incident id input example {"path parameters" {"id" 1}} output parameter type description status code number http status code of the response reason string response reason phrase incidentid number unique identifier infomap object output field infomap infomap attachmentinfo array output field infomap attachmentinfo infomap attachmentinfo messagecomponentname string name of the resource infomap attachmentinfo messagecomponentid number unique identifier infomap attachmentinfo wascracked boolean output field infomap attachmentinfo wascracked infomap attachmentinfo documentformat string output field infomap attachmentinfo documentformat infomap attachmentinfo messagecomponenttype number type of the resource infomap attachmentinfo originalsize string output field infomap attachmentinfo originalsize infomap attachmentinfo attachmentsize string output field infomap attachmentinfo attachmentsize infomap messageoriginatorid number unique identifier infomap filecreatedate string date value infomap uniquemessageid string unique identifier infomap fileaccessdate string date value infomap messagetype string type of the resource infomap endpointfilepath string output field infomap endpointfilepath infomap endpointapplicationpath string output field infomap endpointapplicationpath infomap senderipaddress string output field infomap senderipaddress infomap endpointvolumename string name of the resource infomap filecreatedby string output field infomap filecreatedby infomap domainusername string name of the resource infomap policyid number unique identifier infomap policyname string name of the resource output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"incidentid" 1,"infomap" {"attachmentinfo" \[],"messageoriginatorid" 1,"filecreatedate" "2019 06 26t17 33 06 71","uniquemessageid" "f1472cc7 cf59 405c 9f12 ce428b112978","fileaccessdate" "2019 06 26t00 00 00","messagetype" "endpointusb","endpointfilepath" "e \\\ftpme txt","endpointapplicationpath" "\\\device\\\harddiskvolume1\\\windows\\\explorer exe","senderipaddress" "10 66 221 73","endpointvolumename" "\\\device\\\harddisk1\\\dp(1)0 0 list incidents in csv retrieve multiple incidents in csv format using a single api call in symantec dlp requires json body with 'select' parameter endpoint url /protectmanager/webservices/v2incidents/csv method post input argument name type required description select array optional parameter for list incidents in csv select actionuser string optional for any incident type, lists the user or users who performed an action on an incident filter object optional parameter for list incidents in csv filter booleanoperator string optional the boolean operator to use for the filter filter filters array optional parameter for list incidents in csv filter filters operandone object optional parameter for list incidents in csv filter filters operandone name string optional specifies the type of incident, e g "network", "discover", "endpoint" filter filters filtertype string optional specifies the type of filter to use filter filters operator string optional specifies the operator to use for the filter filter filters operandtwovalues array optional specifies the values to use for the filter filter filters booleanoperator string optional parameter for list incidents in csv filter filters filters array optional parameter for list incidents in csv filter filters filters operandone object optional specifies the type of incident, e g "network", "discover", "endpoint" filter filters filters operandone name string optional specify the field name filter filters filters filtertype string optional specifies the type of filter to use filter filters filters operator string optional specifies the operator to use for the filter filter filters filters operandtwovalues array optional specifies the values to use for the filter filter filtertype string optional specifies the type of filter to use orderby array optional parameter for list incidents in csv orderby field object required for an incidentqueryrequest, any selectfield is allowed for an incidentsummaryqueryrequest, only the outer summary field or summarysortablefields are allowed orderby field name string optional specify the field name orderby order string optional define the sorting order for the field use asc for ascending or desc for descending page object optional parameter for list incidents in csv page type string required specify the pagination type page pagenumber number required specify the page number input example {"json body" {"select" \[{"name" "incidentid"},{"name" "policygroupid"}],"filter" {"booleanoperator" "and","filters" \[{"operandone" {"name" "messagesource"},"filtertype" "string","operator" "eq","operandtwovalues" \["network"]},{"booleanoperator" "or","filters" \[{"operandone" {"name" "messagetypeid"},"filtertype" "long","operator" "not in","operandtwovalues" \[48,49]},{"operandone" {"name" "messagetypeid"},"filtertype" "long","operator" "is null"}],"filtertype" "booleanlogic"}],"filtertype" "booleanlogic"},"orderby" \[{"field" {"name" "messagedate"},"order" "desc"}],"page" {"type" "offset","pagenumber" 1,"pagesize" 5}}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file name string name of the resource file file string output field file file output example {"file" {"file name" "example name","file" "string"}} list incidents in json generate a list of json formatted incidents in symantec dlp based on specified criteria, requiring the 'select' parameter in the json body endpoint url protectmanager/webservices/v2/incidents method protectmanager/webservices/v2/incidents input argument name type required description select array optional parameter for list incidents in json select actionuser string optional for any incident type, lists the user or users who performed an action on an incident filter object optional parameter for list incidents in json filter booleanoperator string optional the boolean operator to use for the filter filter filters array optional parameter for list incidents in json filter filters operandone object optional parameter for list incidents in json filter filters operandone name string optional specifies the type of incident, e g "network", "discover", "endpoint" filter filters filtertype string optional specifies the type of filter to use filter filters operator string optional specifies the operator to use for the filter filter filters operandtwovalues array optional specifies the values to use for the filter filter filters booleanoperator string optional parameter for list incidents in json filter filters filters array optional parameter for list incidents in json filter filters filters operandone object optional specifies the type of incident, e g "network", "discover", "endpoint" filter filters filters operandone name string optional specify the field name filter filters filters filtertype string optional specifies the type of filter to use filter filters filters operator string optional specifies the operator to use for the filter filter filters filters operandtwovalues array optional specifies the values to use for the filter filter filtertype string optional specifies the type of filter to use orderby array optional parameter for list incidents in json orderby field object required for an incidentqueryrequest, any selectfield is allowed for an incidentsummaryqueryrequest, only the outer summary field or summarysortablefields are allowed orderby field name string optional specify the field name orderby order string optional define the sorting order for the field use asc for ascending or desc for descending page object optional parameter for list incidents in json page type string required specify the pagination type page pagenumber number required specify the page number input example {"json body" {"select" \[{"name" "incidentid"},{"name" "policygroupid"}],"filter" {"booleanoperator" "and","filters" \[{"operandone" {"name" "messagesource"},"filtertype" "string","operator" "eq","operandtwovalues" \["network"]},{"booleanoperator" "or","filters" \[{"operandone" {"name" "messagetypeid"},"filtertype" "long","operator" "not in","operandtwovalues" \[48,49]},{"operandone" {"name" "messagetypeid"},"filtertype" "long","operator" "is null"}],"filtertype" "booleanlogic"}],"filtertype" "booleanlogic"},"orderby" \[{"field" {"name" "messagedate"},"order" "desc"}],"page" {"type" "offset","pagenumber" 1,"pagesize" 5}}} output parameter type description status code number http status code of the response reason string response reason phrase incidents array unique identifier incidents messagesubject string unique identifier incidents policyname string unique identifier incidents policygroupid number unique identifier incidents messageid number unique identifier incidents matchcount number unique identifier incidents preventorprotectstatusid number unique identifier incidents hasattachment string unique identifier incidents incidentstatusname string unique identifier incidents messagetype string unique identifier incidents messagetypeid number unique identifier incidents messagedate string unique identifier incidents incidentid number unique identifier incidents severityid number unique identifier incidents networksenderidentifier string unique identifier output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"incidents" \[{},{}]}} list summary of incidents in csv retrieve a summary of incidents in csv format from symantec dlp using a single api call requires 'groupby' parameter in the json body endpoint url protectmanager/webservices/v2/incidents/summary/csv method post input argument name type required description filter object optional parameter for list summary of incidents in csv filter filtertype string optional specifies the type of filter to use filter booleanoperator string optional the boolean operator (and, or) to apply to the embedded filters filter filters array optional the filters to apply to the data filter filters filtertype string optional specifies the type of filter to use filter filters operandone object optional specifies the field to filter by filter filters operandone name object optional specify the field name filter filters operandone name messagetypeid number optional the id of the message type filter filters operator string optional the operator to use for the filter filter filters operandtwovalues array optional the values to use for the filter filter filters booleanoperator string optional the boolean operator (and, or) to apply to the embedded filters filter filters filters array optional the filters to apply to the data filter filters filters filtertype string optional specifies the type of filter to use filter filters filters operandone object optional specifies the field to filter by filter filters filters operandone name string optional specify the field name filter filters filters operator string optional the operator to use for the filter filter filters filters operandtwovalues array optional the values to use for the filter orderby array optional parameter for list summary of incidents in csv orderby field object required for an incidentqueryrequest, any selectfield is allowed for an incidentsummaryqueryrequest, only the outer summary field or summarysortablefields are allowed orderby field name string optional specify the field name orderby order string optional define the sorting order for the field use asc for ascending or desc for descending groupby object optional parameter for list summary of incidents in csv groupby outersummary object required parameter for list summary of incidents in csv groupby outersummary categories string optional for network incidents, the categories of the url, as classified by proxysg and asg, to determine riskiness of the destination url groupby innersummary object optional parameter for list summary of incidents in csv input example {"json body" {"filter" {"filtertype" "booleanlogic","booleanoperator" "and","filters" \[{"filtertype" "long","operandone" {"name" {"messagetypeid" 48}},"operator" "in","operandtwovalues" \[48,49]},{"filtertype" "booleanlogic","booleanoperator" "and","filters" \[{"filtertype" "string","operandone" {"name" "restcommondatatype"},"operator" "eq","operandtwovalues" \["dar"]}]}]},"orderby" \[{"field" {"name" "restcommonapplication"},"order" "asc"}],"groupby" {"outersummary" {"categories" "restcommonapplication"},"innersummary" {"categories" "incidentstatusid"}},"page" {"type" "offset","pagenumber" 1,"pagesize" 100}}} output parameter type description status code number http status code of the response reason string response reason phrase file object output field file file file name string name of the resource file file string output field file file output example {"status code" 200,"response headers" {},"reason" "ok","file" {"file name" "list summary of incidents in csv output csv","file" "data\ text/csv;base64, "}} list summary of incidents in json retrieve a summary of incidents in symantec dlp using a single api call, requiring the groupby parameter in json format endpoint url /protectmanager/webservices/v2incidents/summary method post input argument name type required description filter object optional parameter for list summary of incidents in json filter filtertype string optional specifies the type of filter to use filter booleanoperator string optional the boolean operator (and, or) to apply to the embedded filters filter filters array optional the filters to apply to the data filter filters filtertype string optional specifies the type of filter to use filter filters operandone object optional specifies the field to filter by filter filters operandone name object optional specify the field name filter filters operandone name messagetypeid number optional the id of the message type filter filters operator string optional the operator to use for the filter filter filters operandtwovalues array optional the values to use for the filter filter filters booleanoperator string optional the boolean operator (and, or) to apply to the embedded filters filter filters filters array optional the filters to apply to the data filter filters filters filtertype string optional specifies the type of filter to use filter filters filters operandone object optional specifies the field to filter by filter filters filters operandone name string optional specify the field name filter filters filters operator string optional the operator to use for the filter filter filters filters operandtwovalues array optional the values to use for the filter orderby array optional parameter for list summary of incidents in json orderby field object required for an incidentqueryrequest, any selectfield is allowed for an incidentsummaryqueryrequest, only the outer summary field or summarysortablefields are allowed orderby field name string optional specify the field name orderby order string optional define the sorting order for the field use asc for ascending or desc for descending groupby object optional parameter for list summary of incidents in json groupby outersummary object required parameter for list summary of incidents in json groupby outersummary categories string optional for network incidents, the categories of the url, as classified by proxysg and asg, to determine riskiness of the destination url groupby innersummary object optional parameter for list summary of incidents in json input example {"json body" {"filter" {"filtertype" "booleanlogic","booleanoperator" "and","filters" \[{"filtertype" "long","operandone" {"name" {"messagetypeid" 48}},"operator" "in","operandtwovalues" \[48,49]},{"filtertype" "booleanlogic","booleanoperator" "and","filters" \[{"filtertype" "string","operandone" {"name" "restcommondatatype"},"operator" "eq","operandtwovalues" \["dar"]}]}]},"orderby" \[{"field" {"name" "restcommonapplication"},"order" "asc"}],"groupby" {"outersummary" {"categories" "restcommonapplication"},"innersummary" {"categories" "incidentstatusid"}},"page" {"type" "offset","pagenumber" 1,"pagesize" 100}}} output parameter type description status code number http status code of the response reason string response reason phrase summary object output field summary summary total number output field summary total summary high number output field summary high summary outersummary array output field summary outersummary summary outersummary summary string output field summary outersummary summary summary outersummary total number output field summary outersummary total summary outersummary high number output field summary outersummary high summary outersummary low number output field summary outersummary low summary outersummary innersummary array output field summary outersummary innersummary summary outersummary innersummary summary string output field summary outersummary innersummary summary summary outersummary innersummary total number output field summary outersummary innersummary total summary outersummary innersummary high number output field summary outersummary innersummary high summary outersummary innersummary low number output field summary outersummary innersummary low summary outersummary innersummary label string output field summary outersummary innersummary label summary outersummary innersummary med number output field summary outersummary innersummary med summary outersummary innersummary matches number output field summary outersummary innersummary matches summary outersummary innersummary value string value for the parameter summary outersummary innersummary info number output field summary outersummary innersummary info summary outersummary label string output field summary outersummary label summary outersummary rowcount number count value summary outersummary value string value for the parameter summary outersummary med number output field summary outersummary med summary outersummary matches number output field summary outersummary matches output example {"status code" 200,"response headers" {},"reason" "ok","json body" {"summary" {"total" 119,"high" 119,"outersummary" \[],"low" 0,"rowcount" 3,"med" 0,"matches" 210,"info" 0}}} update a policy enable or disable a specific symantec dlp policy using the provided policy id and enable status endpoint url /protectmanager/webservices/v2/policy/{{policyid}} method put input argument name type required description path parameters policyid number required the policy id enable boolean optional set true when you want to activate the policy, set false when you want to deactivate the policy input example {"json body" {"enable"\ true},"path parameters" {"policyid" 1}} output parameter type description status code number http status code of the response reason string response reason phrase output example {"status code" 200,"response headers" {},"reason" "ok","json body" "policy is updated successfully "} response headers header description example content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt