Forcepoint Data Loss Prevention (DLP)
App Vendor: Forcepoint
App Category: Network Security
Connector Version: 1.0.0
API Version: 1.0.0
Product Version: v8.3.x
About App
The Forcepoint Data Loss Prevention (DLP) app provides integration with Forcepoint Data Loss Prevention (DLP) enterprise application. Forcepoint DLP protects organizations from information leaks and data loss at the perimeter and inside the organization, as well as in certain infrastructure as service platforms.
The Forcepoint Data Loss Prevention app is configured with the Orchestrate application to perform the following actions:
Action Name | Description |
|---|---|
Add API-managed Category | This action adds categories as containers for URLs and IP addresses maintained in the Forcepoint DLP application. |
Add URL | This action adds a URL from an API-managed specified category in the Forcepoint DLP application. |
List API-managed Categories | This action retrieves a list of API-managed categories or all categories from the Forcepoint DLP application. |
Start a Management API Transaction | This action starts a API-managed transaction when any changes are needed to make via management API in the Forcepoint DLP application. |
Delete API-managed Categories | This action deletes API-managed categories using category ID or name from the Forcepoint DLP application. |
Get System and Transaction Status | This action gets the system and transaction status from the Forcepoint DLP application. |
Roll back changes on Specified Transaction | This action rolls back the changes for the specified transaction. It cancels all the added and deleted commands within the specified transaction in the Forcepoint DLP application. |
Commit Changes on Specified Transaction | This action commits changes to the specified transaction. It commits the API changes for all the added and deleted commands within the specified transaction in the Forcepoint DLP application. |
Get IOCs from Category | This action gets all the URLs, IP addresses, and ranges in the specified category in the Forcepoint DLP application. |
Remove IP Address | This action removes the IP address from an API-managed specified category in the Forcepoint DLP application. |
Remove URL | This action removes the URL from an API-managed specified category in the Forcepoint DLP application. |
Add IP Address | This action adds an IP address from an API-managed specified category in the Forcepoint DLP application. |
Configuration Parameters
The following configuration parameters are required for the Forcepoint Data Loss Prevention (DLP) app to communicate with the Forcepoint Data Loss Prevention (DLP) enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Server FQDN | Enter the Forcepoint DLP Server FQDN. Example: <http|https://platform_ip|domain> | Text | Required | |
Username | Enter the Forcepoint DLP Username. | Text | Required | |
Password | Enter the the Forcepoint DLP Password. | Password | Required | |
Port | Enter the Forcepoint DLP Port. | Text | Optional | Default value: 15873 |
SSL Verification | Choose if SSL verification is needed in configuration. | Boolean | Optional | Default value: False |
Action: Add API-managed Category
This action adds categories as containers for URLs and IP addresses maintained in the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID. Example: "sampletransactionID" | Text | Required | The Transaction ID can be retrieved using Start a management api transaction action. |
Category Name | Enter the category name. Example: “malicious” | Text | Required | |
Parent ID | Enter the parent ID. Example: “sampleparentID” | Integer | Required | |
Category Description | Enter the category description. Example: "samplecategory" | Text | Required |
Example Request
[
{
"transaction_id": “sampletransactionID”,
"category_name": “malicious”,
"parent_id": “sampleparentID”,
“category_description”: “samplecategory”
}
]Action: Add URL
This action adds a URL from an API-managed specified category in the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID. Example: “sampletransactionID” | Text | Required | |
Category ID | Enter the category ID. Example: “samplecategoryID” | Integer | Required | |
URLs | Enter the list in comma-separated string of URLs. Example: “www.sampledomain.com" | List | Required |
Example Request
[
{
"transaction_id": “sampletransactionID”,
"category_id": “samplecategoryID”,
"urls": “www.sampledomain.com"
}
]Action: List API-managed Categories
This action retrieves a list of API-managed categories or all categories from the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID, if want to include categories that have not yet been committed. Example: “sampletransactionID” | Text | Optional | Default value: None |
Include Master Database Categories | Choose to include Forcepoint-defined master database categories. Example: "true" | Boolean | Optional | Allowed values:
Default value: False |
Example Request
[
{
"transaction_id": “sampletransactionID”,
}
]Action: Start a Management API transaction
This action starts a API-managed transaction when any changes are needed to make via management API in the Forcepoint DLP application.
Action Input Parameters
This action does not require any input parameter.
Action: Delete API-managed Categories
This action deletes API-managed categories using category ID or name from the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID. Example: “sampletransactionID” | Text | Required | |
Category Value | Enter the list in comma-separated string for category value as name or ID. Example: “samplecategoryID” | Any | Required | |
If category value is ID | Choose true if category value is ID. Example: “true” | Boolean | Optional | Allowed values:
Default value: False |
Example Request
[
{
"transaction_id": “sampletransactionID”,
"categories_value": “samplecategoryID”,
"is_categories_id": “true”,
}
]Action: Get System and Transaction Status
This action gets the system and transaction status from the Forcepoint DLP application.
Action Input Parameters
This action does not require any input parameter.
Action: Roll back Changes on Specified Transaction
This action rolls back the changes for the specified transaction. It cancels all the added and deleted commands within the specified transaction in the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID. Example: “sampletransactionID" | Text | Required |
Example Request
[
{
"transaction_id": “sampletransactionID"
}
]Action: Commit Changes on Specified Transaction
This action can be used for specified transaction to commit api changes as all add and delete commands within the specified transaction in the forcepoint dlp application
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID. Example: “sampletransactionID" | Text | Required |
Example Request
[
{
"transaction_id": “sampletransactionID"
}
]Action: Get IOCs from Category
This action gets all the URLs, IP addresses, and ranges in the specified category in the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Category Value | Enter the category value as name or ID. Example: “samplecategoryID” | Text | Required | |
If category value is ID | Choose if category value is ID. Example: "true" | Boolean | Optional | Allowed values:
Default value: False |
Example Request
[
{
"category_value": “samplecategoryID”,
"is_categories_id": “true”,
}
]Action: Remove IP Address
This action removes the IP address from an API-managed specified category in the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID. Example: “sampletransactionID” | Text | Required | |
Category ID | Enter the category ID. Example: “samplecategoryID” | Integer | Required | |
IP addresses | Enter the list in comma-separated string of IP addresses. Example: “10.10.10.10” | Any | Required |
Example Request
[
{
"transaction_id": “sampletransactionID”,
"category_id": “samplecategoryID”,
"ip_address": “10.10.10.10”,
}
]Action: Remove URL
This action removes the URL from an API-managed specified category in the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID. Example: “sampletransactionID” | Text | Required | |
Category ID | Enter the category ID. Example: “samplecategoryID” | Integer | Required | |
URLs | Enter the list in comma-separated string of URLs. Example: “www.sampledomain.com” | Any | Required |
Example Request
[
{
"transaction_id": “sampletransactionID”,
"category_id": “samplecategoryID”,
"urls": “www.sampledomain.com”
}
]Action: Add IP Address
This action adds an IP address from an API-managed specified category in the Forcepoint DLP application.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Transaction ID | Enter the transaction ID. Example: “sampletransactionID” | Text | Required | |
Category ID | Enter the category ID. Example: “samplecategoryID” | Integer | Required | |
IP Addresses | Enter the list in comma-separated string of IP addresses. Example: “10.10.10.10” | Any | Required |
Example Request
[
{
"transaction_id": “sampletransactionID”,
"category_id": “samplecategoryID”,
"ip_address": “10.10.10.10”
}
]