Getting Started with the REST API Service

The REST API service allows customers to remotely pull and manage incident data from Forcepoint Security Manager to integrate with SOAR, SIEM, BI and other solutions.

The REST API service lets customers retrieve Discovery and DLP incidents, optionally filtered by criteria such as policy, department, or Risk Level. In addition, the REST API allows customers to update incidents’ Status, Severity, assigned administrator, and more.

The following REST APIs are available:

  • Get Incidents API
  • Update Incidents API

Before using the service, make sure you create a Local account administrator of type Application in the Forcepoint Security Manager and complete the authentication process.

To connect an application to Forcepoint DLP through a REST API connection, create an Application administrator in the Forcepoint Security Manager on the Global Settings > General > Administrators settings page. For more information, see the Enabling access to the Security Manager topic in the Forcepoint Security Manager Help. The Application administrator type is supported only for Local accounts; Network accounts cannot be configured as an Application type.

For more information about the Authentication process and using the REST API service, see the Forcepoint DLP REST API Guide.