Inbound integration for Data Loss Prevention Incident Response

  • Release version: Xanadu
  • Updated August 1, 2024
  • Create single or multiple DLP incidents using the inbound REST API.

    Create a single DLP incident

    Required role: sn_dlir.api_integration_user.

    To create a single DLP incident, define the following parameters as needed:
    Field                Description
    HTTP method          POST
    URL                  https://{instance}/api/now/import/sn_dlir_incident_import
    Request headers      Accept: application/json
                         Content-Type: application/json
    Sample payload
    {
        "application_window_title": "<value>",
        "assigned_to": "<value>",
        "attachments": "<value>",
        "data_owner_email": "<value>",
        "destination": "<value>",
        "dest_ip": "<value>",
        "dest_ip_port": "<value>",
        "detection_date": "<value>",
        "endpoint_on_corporate_net": "<value>",
        "files": "",
        "file_created": "",
        "file_created_by": "",
        "file_location": "",
        "file_modified_by": "",
        "file_name": "",
        "file_owner": "",
        "file_permissions": "",
        "ftp_user_name": "",
        "last_modified": "",
        "machine_ip": "",
        "machine_name": "",
        "match_count": "",
        "policy_id": "",
        "policy_name": "",
        "printer_name": "",
        "printer_type": "",
        "print_job_name": "",
        "recipients": "",
        "scanned_machine": "",
        "scan_source": "",
        "seen_before": "",
        "sender": "",
        "source": "",
        "source_file": "",
        "source_ip": "",
        "source_ip_port": "",
        "subject": "",
        "url": "",
        "user_justification": ""
    }
    Sample response
    {
        "import_set": "ISET0010003",
        "staging_table": "sn_dlir_incident_import",
        "result": [
            {
                "transform_map": "",
                "table": "sn_dlir_incident",
                "display_name": "number",
                "display_value": "DLP0001012",
                "record_link": "https://{instance}/api/now/table/sn_dlir_incident/7cda322297c2411056a43d1e6253af1f",
                "status": "inserted",
                "sys_id": "7cda322297c2411056a43d1e6253af1f"
            }
        ]
    }

    Create multiple DLP incidents

    Required role: sn_dlir.api_integration_user.

    To create multiple DLP incidents from the same request, define the following parameters as needed:
    Field                Description
    HTTP method          POST
    URL                  https://{instance}/api/now/import/sn_dlir_incident_import/insertMultiple
    Request headers      Accept: application/json
                         Content-Type: application/json
    Sample payload
    {
        "records": [
            {
                "file_name": "<value>",
                "file_modified_by": "<value>",
                "work_notes": "<value>",
                "url": "<value>",
                "scan_source": "<value>",
                "data_owner_email": "<value>",
                "file_created_by": "<value>",
                "file_owner": "<value>",
                "policy_name": "<value>"
            },
            {
                "dest_ip": "<value>",
                "dest_ip_port": "<value>",
                "detection_date": "<value>",
                "endpoint_on_corporate_net": "<value>",
                "files": "<value>",
                "file_created": "<value>",
                "file_created_by": "<value>",
                "file_location": "<value>",
                "file_modified_by": "<value>",
                "file_name": "<value>",
                "file_owner": "<value>"
            }
        ]
    }
    Sample response
    {
        "import_set_id": "a38f69229734dd1056a43d1e6253af75",
        "multi_import_set_id": "e78f69229734dd1056a43d1e6253af75"
    }
    Note:
    By default, the transformation is asynchronous. To set synchronous transformation, create a new record in the REST Insert Multiples [sys_rest_insert_multiple] table, select sn_dlir_incident_import as the source table, and set the transformation to synchronous.
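
An added example, not part of the ServiceNow documentation: a Python helper that builds, without sending, the POST request for either endpoint described above and checks the single-incident response. It assumes the field names in the page's two sample payloads are the accepted set and that the caller supplies the Authorization header value, since the page does not state the authentication scheme; the function names are hypothetical.

```python
import json
import re
import urllib.request

# Field names copied from the two sample payloads on this page (assumed complete).
DOCUMENTED_FIELDS = frozenset("""
application_window_title assigned_to attachments data_owner_email destination
dest_ip dest_ip_port detection_date endpoint_on_corporate_net files file_created
file_created_by file_location file_modified_by file_name file_owner
file_permissions ftp_user_name last_modified machine_ip machine_name match_count
policy_id policy_name printer_name printer_type print_job_name recipients
scanned_machine scan_source seen_before sender source source_file source_ip
source_ip_port subject url user_justification work_notes
""".split())
IMPORT_PATH = "/api/now/import/sn_dlir_incident_import"


def build_request(instance, records, auth_header):
    """Return an unsent Request for one record (dict) or several (list of dicts)."""
    if not re.fullmatch(r"[A-Za-z0-9.-]+", instance):
        raise ValueError("instance must be a bare host name")  # keeps credentials on-host
    many = isinstance(records, list)
    for rec in records if many else [records]:
        unknown = set(rec) - DOCUMENTED_FIELDS
        if unknown:
            raise ValueError(f"undocumented fields: {sorted(unknown)}")
    body = {"records": records} if many else records
    url = f"https://{instance}{IMPORT_PATH}" + ("/insertMultiple" if many else "")
    return urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Accept": "application/json", "Content-Type": "application/json",
                 "Authorization": auth_header})  # auth scheme is the caller's choice


def parse_single_response(text):
    """Return (incident number, sys_id); raise unless the row status is 'inserted'."""
    result = json.loads(text)["result"][0]
    if result.get("status") != "inserted":
        raise RuntimeError(f"incident not inserted: {result.get('status')!r}")
    return result["display_value"], result["sys_id"]


if __name__ == "__main__":  # constructed sample values, nothing is sent
    demo = build_request("example.service-now.com",
                         [{"file_name": "q3.xlsx", "policy_name": "PCI"}], "Bearer <token>")
    print(demo.get_method(), demo.full_url, demo.data.decode())
```

Pass the returned object to urllib.request.urlopen to send it.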