Cisco Secure Access Data Loss Prevention Rule Events API

Data Loss Prevention Rule Events

The Cisco Secure Access Data Loss Prevention Events API provides visibility into the events recorded by Secure Access for the SaaS API, Real-Time, and AI guardrails Data Loss Prevention (DLP) rules. You can get a list of the events for each type of DLP rule and view the details about a specific DLP event identified by the event's type and unique ID.

You can find the Secure Access Data Loss Prevention Rule Events API endpoints in the reports scope.

Overview

Rate Limits for DLP Rule Events

Secure Access enables rate limits on the Data Loss Prevention Events API endpoints. For more information, see Rate Limits > Reports.

Request Headers

Unless specified, the Secure Access API endpoints use JSON for all requests and responses.

Note: For POST, PUT, and PATCH operations, set the HTTP Content-Type header to application/json in your API request.

DLP Rule Events API: Base Paths and Data Storage Regions

Secure Access supports latency-based routing of the Secure Access Data Loss Prevention Rule Events API requests. Depending on where you send an API request, you must use a certain Data Loss Prevention Rule Events API base URI to access your DLP event logs.

Choose the Data Loss Prevention Rule Events API base URI that matches your location and the region where Secure Access stores your DLP rules event logs.

  • https://api.sse.cisco.com/reports.eu/v2—Secure Access stores your DLP rule event logs in a Cisco data center that is located in Europe. However, you can connect to the API from a region outside of Europe.
  • https://api.sse.cisco.com/reports.us/v2—Secure Access stores your DLP rule event logs in a Cisco data center that is located in North America. However, you can connect to the API from a region outside of North America.

To view information about the location of your stored Secure Access logs, navigate to Admin > Log Management.

Secure Access API admin log storage

Data Loss Prevention Rule Events API Endpoints