Data Loss Prevention

 View Only

  • 1.  Symantec DLP API Export Report

    Posted May 21, 2018 12:03 PM

    Has anyone been able to pull an entire saved report using the API?  The provided samples and documentation seem to only allow for looping through Incident IDs from a saved report.  If anyone has experience with this, could you share some code?

     

    Thanks,


    Nick Piscopo

     



  • 2.  RE: Symantec DLP API Export Report

    Posted Jun 15, 2018 11:48 AM

    Hey Nick, if you're talking about the "incident reporting and remediation" API it's a POS. We weren't able to get it to work.  Contact your account manager and ask about "incident views". It may be a viable alternative.



  • 3.  RE: Symantec DLP API Export Report

    Trusted Advisor
    Posted Jun 15, 2018 10:57 PM

    hi,

     this is the way the API works, you must first get incident ids from your predefined report and then fetch information you want (may not be all incident information).

    I used it everyday via a homemade application for incident remediation, so in v14.6, it works fine.

     regards



  • 4.  RE: Symantec DLP API Export Report

    Posted Sep 05, 2018 01:41 PM

    The basic workflow is like this:

    - Start a client/instance IncidentService (basically a SoapClient)

    - Use IncidentListRequest to request a list of incidentListIds with Report ID

    - Use IncidentDetailRequest and include the incidentListIds you get to request incident details



  • 5.  RE: Symantec DLP API Export Report

    Posted Feb 18, 2019 11:46 PM

    @stephane.fichet - did you use any SoapClient? Were you able to pull out the ACL information and custom attributes as well?



  • 6.  RE: Symantec DLP API Export Report

    Posted Feb 25, 2019 11:44 AM

    Hello,

    We use these kind of script but with Zeep on Python environnement.

    Everthing is explains in this document: /connect/sites/default/files/users/user-3956181/Symantec_DLP_14.6_Incident_Reporting_Update_API_Developers_Guide.pdf

    If you prefer to use .Net env, you could use this kind of script :

    string client_username = "user";
    string client_password = "password";

    string incidentId = 1280;
    string url = "https://localhost/ProtectManager/services/v2011/incidents?wsdl"

    BasicHttpBinding httpBinding = new BasicHttpBinding();
    httpBinding.Security.Mode = BasicHttpSecurityMode.Transport;
    httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
    IncidentServicePortTypeClient client = new IncidentServicePortTypeClient(httpBinding,
    epAddress);
    client.ClientCredentials.UserName.UserName = client_username;
    client.ClientCredentials.UserName.Password = client_password;
    IEndpointBehavior behavior = new HttpBasicAuthenticationEndpointBehavior();
    client.Endpoint.Behaviors.Add(behavior);
    client.Open()

    response = client.service.incidentDetail(incidentId)

    With regards