Policies Endpoint
List All Policies
List all of an organization's policies.
Parameters
Sorting
- name—Sort the records by policy name alphabetically in ascending or descending order.
Examples:/api/v2/policies?order=-name
(lists records descending.)
/api/v2/policies?order=name
(lists records ascending.) - created_at—Sort the results by ascending or descending order from the date the policy was created.
Example:/api/v2/policies?order=created_at
(lists results ascending from the date each policy was created). - updated_at—Sort the results by ascending or descending order from the date the policy was updated.
Filtering
- created_before—limit results to policies created before a specified date.
Example:/api/v2/policies?where={"created_before": "2020-09-15"}
(lists records
with policies whose creation date is before "2020-09-15".) - created_after—limit results to policies created after a specified date.
- updated_before—limit results to policies updated before a specified date.
- updated_after—limit results to policies updated after a specified date.
- state—limit results to policies with a specific state (active or inactive).
Example:/api/v2/policies?where={"state": "ACTIVE"}
(lists records with policies
whose state is "ACTIVE".) - name—limit results to policies with a specific name.
Limiting
- limit—limit results to a specific number. The maximum number of results is 100,000.
Example: GET /api/v2/policies?limit=100 - offset—Limit the number of policies that must be skipped. For example, if offset=0, all policies will be returned from the beginning. If offset=10000, all policies starting from the 10001st will be returned.
default page size = 50
max_record per page = 100
Make the Request
GET /api/v2/policies
{
"results": 2,
"items": [{
"id": "bO4QNWaxLp",
"name": "custom regex testing",
"description": null,
"state": "INACTIVE",
"policy_type": "Custom Regex",
"actions_attached": false,
"created_at": "2019-01-04T09:51:16.308938+00:00",
"updated_at": "2020-05-15T14:21:56.875521+00:00",
"severity": "ALERT",
"extra": {}
},
{
"id": "RBzXZNY42Y",
"name": "cvt-738",
"description": null,
"state": "INACTIVE",
"policy_type": "Context Only",
"actions_attached": false,
"created_at": "2018-02-19T13:19:24.077503+00:00",
"updated_at": "2020-05-15T14:21:56.875521+00:00",
"severity": "WARNING",
"extra": {}
}
],
"count_capped": true
}
Fields Returned
The following fields are returned in the API JSON.
Field Name | Type | Description | Example |
---|---|---|---|
id | string | This is the Cloudlock Internal Identifier for a policy | G8qz0vb49V |
name | string | The name of the policy | PCI - Alert |
state | string | Indicates if the policy is active or inactive | Active, Inactive |
policy type | string | The type of policy enabled (Custom Regex, Events Analysis, or Predefined). | custom regex |
action attached | string | True- a response action is enabled for the policy. False- a response action is not enabled for the policy. | false |
description | string | Description of the policy | Apps whose authorized access scopes present potential security risks |
created_at | timestamp | Policy creation time, in UTC | 2018-03-19T09:00:17.602482+00:00 |
updated_at | timestamp | Policy updated time, in UTC | 2018-03-19T09:00:17.602482+00:00 |
severity | string | The severity assigned to incidents of this policy | CRITICAL,WARNING,INFO,ALERT |
List Policies with Full Content
List policies with configuration content for each policy.
Parameters
Sorting
- name—Sort the records by policy name alphabetically in ascending or descending order.
Examples:/api/v2/detailed_policies?order=-name
(lists records descending.)
/api/v2/detailed_policies?order=name
(lists records ascending.) - created_at—Sort the results by ascending or descending order from the date the policy was created.
Example:/api/v2/detailed_policies?order=created_at
(lists results ascending from the date each policy was created). - updated_at—Sort the results by ascending or descending order from the date the policy was updated.
Filtering
- created_before—limit results to policies created before a specified date.
Example:/api/v2/detailed_policies?where={"created_before": "2020-09-15"}
(lists records
with policies whose creation date is before "2020-09-15".) - created_after—limit results to policies created after a specified date.
- updated_before—limit results to policies updated before a specified date.
- updated_after—limit results to policies updated after a specified date.
- state—limit results to policies with a specific state (active or inactive).
Example:/api/v2/detailed_policies?where={"state": "ACTIVE"}
(lists records with policies whose state is "ACTIVE".) - name—limit results to policies with a specific name.
Limiting
- limit—limit results to a specific number. The maximum number of results is 100,000.
Example: GET /api/v2/detailed_policies?limit=100 - offset—Limit the number of policies that must be skipped. For example, if offset=0, all policies will be returned from the beginning. If offset=10000, all policies starting from the 10001st will be returned.
default page size = 50
max_record per page = 100
Make the Request
/api/v2/detailed_policies
{
"results": 1,
"items": [
{
"id": "ORxAwMe3aY",
"name": "ykryvun-test",
"description": null,
"state": "INACTIVE",
"policy_type": "Custom Regex",
"created_at": "2017-12-22T10:35:02.178230+00:00",
"updated_at": "2020-05-15T14:21:56.875521+00:00",
"severity": "ALERT",
"criteria": [
{
"logic": "and",
"group": [
{
"conditions": {
"strictness": "medium",
"filename_only": false,
"proximity": "",
"exceptions": [],
"threshold": 1,
"expression": "DerekTest",
"scanner_type": "REGEX"
}
}
]
},
{
"logic": "or",
"group": [
{
"conditions": {
"vendor_type": "document",
"vendor": "office365"
}
}
]
}
]
}
],
"count_capped": false
}
List Policies with Full Content Based on a Policy Identifier
Make the Request
/api/v2/policies/<policy_id>
{
"id": "ORxAwMe3aY",
"name": "ykryvun-test",
"description": null,
"state": "INACTIVE",
"policy_type": "Custom Regex",
"created_at": "2017-12-22T10:35:02.178230+00:00",
"updated_at": "2020-05-15T14:21:56.875521+00:00",
"severity": "ALERT",
"criteria": [
{
"logic": "and",
"group": [
{
"conditions": {
"strictness": "medium",
"filename_only": false,
"proximity": "",
"exceptions": [],
"threshold": 1,
"expression": "DerekTest",
"scanner_type": "REGEX"
}
}
]
},
{
"logic": "or",
"group": [
{
"conditions": {
"vendor_type": "document",
"vendor": "office365"
}
}
]
}
]
}
Criteria Fields Returned for Policy Content
Field Name | Description | Example | Policy Type |
---|---|---|---|
Proximity | If there is a proximity expression configured in the policy it is listed as a string. | checking_account_number | Custom Regex, Predefined |
Threshold | The threshold configured for the policy. | 2 | Custom Regex, Predefined |
Scanner Type | The type of policy monitoring content (such as Regex, CCN,). | Regex | Custom Regex |
Expression | The regular expression for which the policy matches on. | \b\d{4,17}\b | Custom Regex, Predefined |
Exception | If there are any exceptions to the regular expression they are listed as a string. | 1111111111111111 | Custom Regex, Predefined |
filename_only | If false, the policy will search for an expression match in the file name and content. if true, the policy will only match on a file name. | true | Custom Regex, Predefined |
User | Users that the policy is specifically monitoring. | Custom Regex, Predefined | |
mimetype | When the policy is configured to look for specific file types, this is the type of file configured. | application/pdf | Custom Regex, Context Only |
file_size | The minimum and maximum file sizes configured in the policy. | 31457280, 62914560 | Custom Regex, Predefined, Context only |
Platform.vendor | The platform where the policy is monitored. | Webex Teams | Events Analysis |
raw_event | Which event types are monitored in the policy. |
| Events Analysis |
Updated almost 2 years ago