Create Real-Time DLP Rule - Cloud Security API

{"type":"api","title":"Create Real-Time DLP Rule","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/83e8a10367d157243cd1c3e478b807cb81262a3d/8d86edee-12fb-373d-b1e1-d0caf3a16e2d","info":{"title":"Data Loss Prevention Policy Rules API","description":"Manage the Data Loss Prevention (DLP) rules, classifications, and data identifiers.","version":"1.0.0","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"DataIdentifiers","description":"Operations related to DLP data identifiers."},{"name":"Classifications","description":"Operations related to DLP classifications."},{"name":"Rules","description":"Operations related to DLP rules."},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/policies/dlp-rules-overview.md","uri":"secure-access-api-reference-dlp-policy-rules-overview"}},"openapi":"3.0.3","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"policies/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"tokenUrl":"https://api.sse.cisco.com/auth/v2/token","scopes":{"policies.dlp:read":"Read dlp classifications, data identifiers, and rules","policies.dlp:write":"Write dlp classifications, data identifiers, and rules"}}}}}},"spec":{"tags":["Rules","Secure Access"],"operationId":"createRealTimeDlpRule","summary":"Create Real-Time DLP Rule","description":"Create a real-time DLP rule with the specified properties.","requestBody":{"required":true,"content":{"application/json":{"schema":{"type":"object","required":["name","action","type"],"description":"The properties used to create a DLP rule.","properties":{"name":{"type":"string","minLength":6,"maxLength":255,"description":"The name of the DLP rule.","example":"new SaaS API rule one","$$ref":"#/components/schemas/nameDlpRule"},"description":{"type":"string","description":"The description of the DLP rule.","example":"This rule is used for sensitive data.","$$ref":"#/components/schemas/descriptionDlpRule"},"enabled":{"type":"boolean","description":"Specifies whether the system enabled the DLP rule.","example":true,"$$ref":"#/components/schemas/enabled"},"action":{"type":"string","format":"enum","default":"MONITOR","enum":["BLOCK","DELETE","MONITOR","QUARANTINE","REVOKE_SHARING"],"description":"Action to take when the rule matches.","example":"BLOCK","$$ref":"#/components/schemas/Action"},"severity":{"type":"string","format":"enum","enum":["INFO","WARNING","ALERT","CRITICAL"],"description":"Severity of the rule.","example":"INFO","$$ref":"#/components/schemas/Severity"},"type":{"type":"string","format":"enum","enum":["AI_DEFENSE","EMAIL","INLINE","OOB"],"description":"The type of the DLP rule.","example":"AI_DEFENSE","$$ref":"#/components/schemas/RuleType"},"identities":{"type":"array","description":"The list of identities associated with the DLP rule.","items":{"type":"object","description":"The properties of the identity.","properties":{"originId":{"type":"integer","description":"The unique identifier of the identity.","example":1339712162},"originTypeId":{"type":"integer","description":"The type of the identity either directory_user or directory_group.","example":7},"details":{"type":"string","description":"The additonal details about the identity described in the JSON format.","example":"{\n \"originId\": 1339712162,\n \"label\": \"Kit Kit\",\n \"originTypeId\": 7,\n \"type\": \"directory_user\"\n}"}},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/identities"},"excludedIdentities":{"type":"array","description":"The list of identities that the system excludes from the DLP rule.","items":{"type":"object","description":"The properties of the identity.","properties":{"originId":{"type":"integer","description":"The unique identifier of the identity.","example":1339712162},"originTypeId":{"type":"integer","description":"The type of the identity either directory_user or directory_group.","example":7},"details":{"type":"string","description":"The additonal details about the identity described in the JSON format.","example":"{\n \"originId\": 1339712162,\n \"label\": \"Kit Kit\",\n \"originTypeId\": 7,\n \"type\": \"directory_user\"\n}"}},"$$ref":"#/components/schemas/Identity"},"$$ref":"#/components/schemas/excludedIdentities"},"classifications":{"type":"array","description":"The list of the data classifications associated with the DLP rule.","items":{"type":"string","format":"uuid","description":"The unique identifier of the data classification.","example":"83374fac-0543-4f77-80e6-6359a67cfc96"},"$$ref":"#/components/schemas/classificationsCreate"},"allDestinationsScope":{"type":"string","format":"enum","enum":["NONE","FILES_AND_FORMS","FILES_AND_VETTED_APPS_FORMS"],"description":"The scope of all of the destinations for the DLP rule.","$$ref":"#/components/schemas/allDestinationsScope"},"destinations":{"type":"object","description":"Details of a destination.","properties":{"type":{"type":"string","description":"Type of the destination (e.g., url, domain).","example":"url"},"address":{"type":"string","description":"Address of the destination.","example":"http://example.com"}},"$$ref":"#/components/schemas/Destination"},"destinationListIds":{"type":"array","items":{"type":"integer","format":"int64"},"description":"The list of IDs for the destination lists associated with the DLP rule.","$$ref":"#/components/schemas/destinationListIds"},"excludedDestinationListIds":{"type":"array","items":{"type":"integer","format":"int64"},"description":"The list of IDs for the destination lists that the system excludes from the DLP rule.","$$ref":"#/components/schemas/excludedDestinationListIds"},"applications":{"type":"array","items":{"type":"object","required":["id"],"description":"Details of an application.","properties":{"id":{"type":"integer","format":"int64","description":"Unique application identifier.","example":75},"trafficDirection":{"type":"string","format":"enum","enum":["BOTH","REQUEST","RESPONSE","INTERNAL"],"description":"Traffic direction for the application or resource.","$$ref":"#/components/schemas/TrafficDirectionType"}},"$$ref":"#/components/schemas/Application"},"description":"The list of applications associated with the DLP rule.","$$ref":"#/components/schemas/applications"},"applicationIds":{"type":"array","items":{"type":"integer","format":"int64"},"description":"The list of IDs for applications associated with the DLP rule.","$$ref":"#/components/schemas/applicationIds"},"applicationCategories":{"type":"array","items":{"type":"object","required":["id"],"description":"Details of an application category.","properties":{"id":{"type":"integer","format":"int64","description":"Unique application category identifier.","example":10},"trafficDirection":{"type":"string","format":"enum","enum":["BOTH","REQUEST","RESPONSE","INTERNAL"],"description":"Traffic direction for the application or resource.","$$ref":"#/components/schemas/TrafficDirectionType"}},"$$ref":"#/components/schemas/ApplicationCategory"},"description":"The list of application categories associated with the DLP rule.","$$ref":"#/components/schemas/applicationCategories"},"applicationCategoryIds":{"type":"array","items":{"type":"integer","format":"int64"},"description":"The list of IDs for the application categories associated with the DLP rule.","$$ref":"#/components/schemas/applicationCategoryIds"},"privateResources":{"type":"array","items":{"type":"object","required":["id"],"description":"Details of a private resource.","properties":{"id":{"type":"integer","format":"int64","description":"Unique private resource identifier.","example":10},"trafficDirection":{"type":"string","format":"enum","enum":["BOTH","REQUEST","RESPONSE","INTERNAL"],"description":"Traffic direction for the application or resource.","$$ref":"#/components/schemas/TrafficDirectionType"}},"$$ref":"#/components/schemas/PrivateResource"},"description":"The list of private resources associated with the DLP rule.","$$ref":"#/components/schemas/privateResources"},"excludedPrivateResources":{"type":"array","items":{"type":"object","required":["id"],"description":"Details of a private resource.","properties":{"id":{"type":"integer","format":"int64","description":"Unique private resource identifier.","example":10},"trafficDirection":{"type":"string","format":"enum","enum":["BOTH","REQUEST","RESPONSE","INTERNAL"],"description":"Traffic direction for the application or resource.","$$ref":"#/components/schemas/TrafficDirectionType"}},"$$ref":"#/components/schemas/PrivateResource"},"description":"The list of private resources to exclude from the DLP rule.","$$ref":"#/components/schemas/excludedPrivateResources"},"privateResourceGroups":{"type":"array","items":{"type":"object","required":["id"],"description":"Priovate Resource Group details","properties":{"id":{"type":"integer","format":"int64","description":"Unique private resource identifier.","example":10},"trafficDirection":{"type":"string","format":"enum","enum":["BOTH","REQUEST","RESPONSE","INTERNAL"],"description":"Traffic direction for the application or resource.","$$ref":"#/components/schemas/TrafficDirectionType"}},"$$ref":"#/components/schemas/PrivateResourceGroup"},"description":"The list of private resource groups associated with the DLP rule.","$$ref":"#/components/schemas/privateResourceGroups"},"excludedPrivateResourceGroups":{"type":"array","items":{"type":"object","required":["id"],"description":"Priovate Resource Group details","properties":{"id":{"type":"integer","format":"int64","description":"Unique private resource identifier.","example":10},"trafficDirection":{"type":"string","format":"enum","enum":["BOTH","REQUEST","RESPONSE","INTERNAL"],"description":"Traffic direction for the application or resource.","$$ref":"#/components/schemas/TrafficDirectionType"}},"$$ref":"#/components/schemas/PrivateResourceGroup"},"description":"List of private resource groups to be excluded from the rule.","$$ref":"#/components/schemas/excludedPrivateResourceGroups"},"scannableContexts":{"type":"array","description":"The list of scannable contexts.","items":{"type":"string","format":"enum","enum":["CONTENT","FILENAME"],"description":"The scannable context where the rule applies.","example":"CONTENT","$$ref":"#/components/schemas/ScannableContext"},"example":["CONTENT"],"$$ref":"#/components/schemas/scannableContexts"},"fileSizeFrom":{"type":"integer","description":"The minimum file size in KB for the system to apply the DLP rule.","example":1024,"$$ref":"#/components/schemas/fileSizeFrom"},"fileSizeTo":{"type":"integer","description":"The maximum file size in KB for the system to apply the DLP rule.","example":10485760,"$$ref":"#/components/schemas/fileSizeTo"},"notifyOwner":{"type":"boolean","description":"Specifies whether the system notifies the owner when the rule is triggered.","example":false,"$$ref":"#/components/schemas/notifyOwner"},"notifyActor":{"type":"boolean","description":"Specifies whether the system notifies the actor when the rule is triggered.","example":false,"$$ref":"#/components/schemas/notifyActor"},"mipTags":{"type":"array","description":"The list of of Microsoft Information Protection (MIP) tags.","items":{"type":"string","example":"test"},"$$ref":"#/components/schemas/mipTags"}},"$$ref":"#/components/schemas/DLPRuleCreateRequest"},"examples":{"example-request":{"summary":"Example Request","value":{"name":"Custom DLP Rule","description":"A custom DLP rule for sensitive data.","enabled":true,"action":"BLOCK","severity":"ALERT","type":"INLINE","identities":[{"originId":654117780,"originTypeId":1,"details":"{\"id\":10,\"name\":\"demo proxy\"}"},{"originId":0,"originTypeId":9,"details":"{\"id\":9,\"name\":\"roaming\"}"}],"applications":[{"id":2,"trafficDirection":"RESPONSE"},{"id":1,"trafficDirection":"REQUEST"}],"classifications":["b1c2d3e4-f5a6-7890-bcde-fa2345678901","a1b2c3d4-e5f6-7890-abcd-ef1234567890"],"scannableContexts":["CONTENT"],"mipTags":["Confidential","InternalUseOnly"]},"$$ref":"#/components/examples/DLPRuleCreateRequestExample"}}}}},"security":[{"oauthFlow":["policies.dlp:write"]}],"responses":{"201":{"description":"Created","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","description":"The properties of a DLP rule.","properties":{"id":{"type":"string","description":"The unique identifier of the DLP rule.","example":"a861476c-f6a7-4d15-bf59-07aff51fc807","$$ref":"#/components/schemas/idDlpRule"},"name":{"type":"string","minLength":6,"maxLength":255,"description":"The name of the DLP rule.","example":"new SaaS API rule one","$$ref":"#/components/schemas/nameDlpRule"},"description":{"type":"string","description":"The description of the DLP rule.","example":"This rule is used for sensitive data.","$$ref":"#/components/schemas/descriptionDlpRule"},"enabled":{"type":"boolean","description":"Specifies whether the system enabled the DLP rule.","example":true,"$$ref":"#/components/schemas/enabled"},"action":{"type":"string","format":"enum","default":"MONITOR","enum":["BLOCK","DELETE","MONITOR","QUARANTINE","REVOKE_SHARING"],"description":"Action to take when the rule matches.","example":"BLOCK","$$ref":"#/components/schemas/Action"},"severity":{"type":"string","format":"enum","enum":["INFO","WARNING","ALERT","CRITICAL"],"description":"Severity of the rule.","example":"INFO","$$ref":"#/components/schemas/Severity"},"secureIcapEnabled":{"type":"boolean","description":"Indicates whether Secure ICAP is enabled.","example":true},"identities":{"type":"array","description":"List of identities associated with the rule. This field is only included if `includeDetails` contains `identities`.\n","items":{"type":"object","description":"The properties of the identity.","properties":{"originId":{"type":"integer","description":"The unique identifier of the identity.","example":1339712162},"originTypeId":{"type":"integer","description":"The type of the identity either directory_user or directory_group.","example":7},"details":{"type":"string","description":"The additonal details about the identity described in the JSON format.","example":"{\n \"originId\": 1339712162,\n \"label\": \"Kit Kit\",\n \"originTypeId\": 7,\n \"type\": \"directory_user\"\n}"}},"$$ref":"#/components/schemas/Identity"}},"applications":{"type":"array","description":"List of applications associated with the rule. This field is only included if `includeDetails` contains `applications`.\n","items":{"type":"object","required":["id"],"description":"Details of an application.","properties":{"id":{"type":"integer","format":"int64","description":"Unique application identifier.","example":75},"trafficDirection":{"type":"string","format":"enum","enum":["BOTH","REQUEST","RESPONSE","INTERNAL"],"description":"Traffic direction for the application or resource.","$$ref":"#/components/schemas/TrafficDirectionType"}},"$$ref":"#/components/schemas/Application"}},"classifications":{"type":"array","description":"The list of data classifications associated with the rule. \nThis field is only included if `includeDetails` contains `classifications`.","items":{"type":"object","required":["id"],"description":"The ID and name of the Reference object.","properties":{"id":{"type":"string","format":"uuid","example":"4dad81be-cc99-47ef-922b-cc882da5b885","description":"The unique identifier of the Reference object."},"name":{"type":"string","description":"The name of the Reference object.","example":"Credit Card Number"}},"$$ref":"#/components/schemas/IdNameRef"},"$$ref":"#/components/schemas/DLPRuleClassifications"}},"$$ref":"#/components/schemas/DLPRule"},"examples":{"example-success":{"summary":"Example Response","value":{"id":"d1e2f3a4-b5c6-7890-abcd-ef1234567890","name":"Default DLP Rule","description":"A default DLP rule for data protection.","enabled":true,"action":"MONITOR","severity":"ALERT","type":"INLINE","secureIcapEnabled":true,"identities":[{"originId":0,"originTypeId":9,"details":"{\"id\":9,\"name\":\"roaming\"}"}],"applications":[{"id":1,"trafficDirection":"REQUEST"}],"classifications":[{"id":"a1b2c3d4-e5f6-7890-abcd-ef1234567890","name":"Built-in Privacy Data Classification (US)"}],"scannableContexts":["CONTENT"],"mipTags":[]},"$$ref":"#/components/examples/DLPRuleExample"}}}}},"400":{"description":"Bad Request","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","description":"Standard error response format","properties":{"error":{"type":"string","description":"Error description","example":"Something went wrong please"},"statusCode":{"type":"integer","description":"HTTP status code","example":400},"txId":{"type":"string","description":"Unique transaction ID for tracing the request","example":"a82ddc7e-cd7e-4c2a-ab80-76577085fbc9"}},"$$ref":"#/components/schemas/ApiErrorResponse"}}},"$$ref":"#/components/responses/BadRequestError"},"500":{"description":"Internal Server Error","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","description":"Standard error response format","properties":{"error":{"type":"string","description":"Error description","example":"Something went wrong please"},"statusCode":{"type":"integer","description":"HTTP status code","example":400},"txId":{"type":"string","description":"Unique transaction ID for tracing the request","example":"a82ddc7e-cd7e-4c2a-ab80-76577085fbc9"}},"$$ref":"#/components/schemas/ApiErrorResponse"}}},"$$ref":"#/components/responses/InternalServerError"}},"__originalOperationId":"createRealTimeDlpRule","method":"post","path":"/dlp/realTime/rules"}}