Introduction

This guide provides information about the Representational State Transfer (REST) Application Programming Interfaces (APIs) available for Forcepoint DLP.

The Forcepoint DLP REST APIs provide a set of rules that lets your application communicate with Forcepoint DLP using the HTTP protocol over predefined URLs. These URLs represent Forcepoint DLP content that can be returned as JavaScript Object Notation (JSON) files.

Starting in Forcepoint DLP 8.9.1, you can use REST APIs to control FSM in various ways. Refer to the table below for a list of available APIs per release and sample use cases.

Starting in Forcepoint DLP 10.0, you can use the new Deploy APIs to deploy your changes in the network. The existing Policy Management APIs have also been updated.

| DLP Version | APIs | Description | Sample Use Cases |
|---|---|---|---|
| 8.9.1 | Incident Management APIs | Incident Management APIs can be used to get a list of DLP and Discovery incidents from Forcepoint DLP or update and remediate those incidents. | • Integrate your SIEM/SOAR server and gain better visibility using rich DLP incident details • Create detailed customized reports by pulling rich incident data in JSON structure and converting it into your customized report • Integrate your ticketing service, such as “Service Now”, and automatically release quarantined emails, close the incident or change the status, upon a request or an approval |
| 9.0 | Policy Management APIs | Policy Management APIs can be used to manage DLP and Discovery policies, rules and resources. | • Import a set of tested policies from your development or UAT environment and export those policies into production • Move risky users or groups of users into more restrictive policies • Disable or fine-tune policies triggering a high rate of false positives, as detected by your SIEM or SOAR service |
| 10.0 | Deploy APIs | Deploy APIs can be used to extract data and configure it to Policy Engine and Endpoint servers. | |