Policies Endpoint

List All Policies

List all of an organization's policies.

Parameters

Sorting

  • name—Sort the records by policy name alphabetically in ascending or descending order.
    Examples: /api/v2/policies?order=-name (lists records descending.)
    /api/v2/policies?order=name (lists records ascending.)
  • created_at—Sort the results by ascending or descending order from the date the policy was created.
    Example: /api/v2/policies?order=created_at (lists results ascending from the date each policy was created).
  • updated_at—Sort the results by ascending or descending order from the date the policy was updated.

Filtering

  • created_before—limit results to policies created before a specified date.
    Example: /api/v2/policies?where={"created_before": "2020-09-15"} (lists records
    with policies whose creation date is before "2020-09-15".)
  • created_after—limit results to policies created after a specified date.
  • updated_before—limit results to policies updated before a specified date.
  • updated_after—limit results to policies updated after a specified date.
  • state—limit results to policies with a specific state (active or inactive).
    Example: /api/v2/policies?where={"state": "ACTIVE"} (lists records with policies
    whose state is "ACTIVE".)
  • name—limit results to policies with a specific name.

Limiting

  • limit—limit results to a specific number. The maximum number of results is 100,000.
    Example: GET /api/v2/policies?limit=100
  • offset—Limit the number of policies that must be skipped. For example, if offset=0, all policies will be returned from the beginning. If offset=10000, all policies starting from the 10001st will be returned.

default page size = 50
max_record per page = 100

Make the Request

GET /api/v2/policies

{
	"results": 2,
	"items": [{
			"id": "bO4QNWaxLp",
			"name": "custom regex testing",
			"description": null,
			"state": "INACTIVE",
			"policy_type": "Custom Regex",
			"actions_attached": false,
			"created_at": "2019-01-04T09:51:16.308938+00:00",
			"updated_at": "2020-05-15T14:21:56.875521+00:00",
			"severity": "ALERT",
			"extra": {}
		},
		{
			"id": "RBzXZNY42Y",
			"name": "cvt-738",
			"description": null,
			"state": "INACTIVE",
			"policy_type": "Context Only",
			"actions_attached": false,
			"created_at": "2018-02-19T13:19:24.077503+00:00",
			"updated_at": "2020-05-15T14:21:56.875521+00:00",
			"severity": "WARNING",
			"extra": {}
		}
	],
	"count_capped": true
}

Fields Returned

The following fields are returned in the API JSON.

Field Name
Type
Description
Example

id

string

This is the Cloudlock Internal Identifier for a policy

G8qz0vb49V

name

string

The name of the policy

PCI - Alert

state

string

Indicates if the policy is active or inactive

Active, Inactive

policy type

string

The type of policy enabled (Custom Regex, Events Analysis, or Predefined).

custom regex

action attached

string

True- a response action is enabled for the policy.
False- a response action is not enabled for the policy.

false

description

string

Description of the policy

Apps whose authorized access scopes present potential security risks

created_at

timestamp

Policy creation time, in UTC

2018-03-19T09:00:17.602482+00:00

updated_at

timestamp

Policy updated time, in UTC

2018-03-19T09:00:17.602482+00:00

severity

string

The severity assigned to incidents of this policy

CRITICAL,WARNING,INFO,ALERT

List Policies with Full Content

List policies with configuration content for each policy.

Parameters

Sorting

  • name—Sort the records by policy name alphabetically in ascending or descending order.
    Examples: /api/v2/detailed_policies?order=-name (lists records descending.)
    /api/v2/detailed_policies?order=name (lists records ascending.)
  • created_at—Sort the results by ascending or descending order from the date the policy was created.
    Example: /api/v2/detailed_policies?order=created_at (lists results ascending from the date each policy was created).
  • updated_at—Sort the results by ascending or descending order from the date the policy was updated.

Filtering

  • created_before—limit results to policies created before a specified date.
    Example: /api/v2/detailed_policies?where={"created_before": "2020-09-15"} (lists records
    with policies whose creation date is before "2020-09-15".)
  • created_after—limit results to policies created after a specified date.
  • updated_before—limit results to policies updated before a specified date.
  • updated_after—limit results to policies updated after a specified date.
  • state—limit results to policies with a specific state (active or inactive).
    Example: /api/v2/detailed_policies?where={"state": "ACTIVE"} (lists records with policies whose state is "ACTIVE".)
  • name—limit results to policies with a specific name.

Limiting

  • limit—limit results to a specific number. The maximum number of results is 100,000.
    Example: GET /api/v2/detailed_policies?limit=100
  • offset—Limit the number of policies that must be skipped. For example, if offset=0, all policies will be returned from the beginning. If offset=10000, all policies starting from the 10001st will be returned.

default page size = 50
max_record per page = 100

Make the Request

/api/v2/detailed_policies

{
    "results": 1,
    "items": [
        {
            "id": "ORxAwMe3aY",
            "name": "ykryvun-test",
            "description": null,
            "state": "INACTIVE",
            "policy_type": "Custom Regex",
            "created_at": "2017-12-22T10:35:02.178230+00:00",
            "updated_at": "2020-05-15T14:21:56.875521+00:00",
            "severity": "ALERT",
            "criteria": [
                {
                    "logic": "and",
                    "group": [
                        {
                            "conditions": {
                                "strictness": "medium",
                                "filename_only": false,
                                "proximity": "",
                                "exceptions": [],
                                "threshold": 1,
                                "expression": "DerekTest",
                                "scanner_type": "REGEX"
                            }
                        }
                    ]
                },
                {
                    "logic": "or",
                    "group": [
                        {
                            "conditions": {
                                "vendor_type": "document",
                                "vendor": "office365"
                            }
                        }
                    ]
                }
            ]
        }
    ],
    "count_capped": false
}

List Policies with Full Content Based on a Policy Identifier

Make the Request

/api/v2/policies/<policy_id>

{
    "id": "ORxAwMe3aY",
    "name": "ykryvun-test",
    "description": null,
    "state": "INACTIVE",
    "policy_type": "Custom Regex",
    "created_at": "2017-12-22T10:35:02.178230+00:00",
    "updated_at": "2020-05-15T14:21:56.875521+00:00",
    "severity": "ALERT",
    "criteria": [
        {
            "logic": "and",
            "group": [
                {
                    "conditions": {
                        "strictness": "medium",
                        "filename_only": false,
                        "proximity": "",
                        "exceptions": [],
                        "threshold": 1,
                        "expression": "DerekTest",
                        "scanner_type": "REGEX"
                    }
                }
            ]
        },
        {
            "logic": "or",
            "group": [
                {
                    "conditions": {
                        "vendor_type": "document",
                        "vendor": "office365"
                    }
                }
            ]
        }
    ]
}

Criteria Fields Returned for Policy Content

Field Name
Description
Example
Policy Type

Proximity

If there is a proximity expression configured in the policy it is listed as a string.

checking_account_number

Custom Regex, Predefined

Threshold

The threshold configured for the policy.

2

Custom Regex, Predefined

Scanner Type

The type of policy monitoring content (such as Regex, CCN,).

Regex

Custom Regex

Expression

The regular expression for which the policy matches on.

\b\d{4,17}\b

Custom Regex, Predefined

Exception

If there are any exceptions to the regular expression they are listed as a string.

1111111111111111

Custom Regex, Predefined

filename_only

If false, the policy will search for an expression match in the file name and content. if true, the policy will only match on a file name.

true

Custom Regex, Predefined

User

Users that the policy is specifically monitoring.

Custom Regex, Predefined

mimetype

When the policy is configured to look for specific file types, this is the type of file configured.

application/pdf

Custom Regex, Context Only

file_size

The minimum and maximum file sizes configured in the policy.

31457280, 62914560

Custom Regex, Predefined, Context only

Platform.vendor

The platform where the policy is monitored.

Webex Teams

Events Analysis

raw_event

Which event types are monitored in the policy.

  • (all events are monitored in the policy).

Events Analysis

Updated about a year ago

Policies Endpoint


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.