To prevent sensitive data exfiltration, Enterprise Data Loss Prevention Email DLP performs inline inspection of all outbound emails. The email DLP service renders verdicts which can then be examined using the API.
The API enables you to programmatically review Email DLP incidents and further inspect the report in order to update verdicts.
To use the API:
- Ensure you have activated Email DLP.
- Ensure you have captured Email DLP incidents after adding an Enterprise DLP Email Policy.
Once you have captured Email DLP incidents, you can use the Email DLP API to update verdicts of incident statuses or retrieve and filter more details on Email Incidents.
The Email DLP endpoint is region-specific, so the endpoint URL depends on your instance location.
These APIs use the common SASE authentication for service access and authorization.
Once you have a tenant service group (TSG), you can create a service account for it. When you create a service account, you get a Client ID and Client Secret, which you need in order to get an access token. You must also use your TSG's ID when you create an access token.
To use the Email DLP API, the service account must have a role assigned as either Superuser, SOC_Admin, or DATA_SECURITY_ADMIN and the Apps and Services must have access to Next-Generation CASB.
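The token step described above, as an added example that is not part of the original page or the vendor's code: it builds the client-credentials request from the Client ID, Client Secret and TSG ID, refuses to send the secret over a non-HTTPS URL, and caches the bearer token until shortly before it expires. The token URL and the `tsg_id:<id>` scope format are assumptions the page does not state, and `build_token_request`, `send` and `TokenCache` are hypothetical names.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

# Assumption: token endpoint and "tsg_id:<id>" scope format of the common SASE
# authentication service. The page does not state them; confirm before use.
TOKEN_URL = "https://auth.apps.paloaltonetworks.com/oauth2/access_token"


def build_token_request(client_id, client_secret, tsg_id, token_url=TOKEN_URL):
    """Build (without sending) the client-credentials request for one TSG."""
    if not token_url.lower().startswith("https://"):
        raise ValueError("refusing to send the client secret over a non-HTTPS URL")
    if not (client_id and client_secret and str(tsg_id).strip()):
        raise ValueError("client ID, client secret and TSG ID are all required")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": f"tsg_id:{tsg_id}"}
    ).encode()
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def send(request):
    """Default transport: POST the request and decode the JSON token response."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hold the bearer token in memory and refresh it shortly before it expires."""

    def __init__(self, client_id, client_secret, tsg_id, transport=send, skew=60):
        self._args = (client_id, client_secret, tsg_id)
        self._transport, self._skew = transport, skew
        self._token, self._expires_at = None, 0.0

    def bearer(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires_at - self._skew:
            reply = self._transport(build_token_request(*self._args))
            self._token = reply["access_token"]
            self._expires_at = now + int(reply.get("expires_in", 0))
        return {"Authorization": f"Bearer {self._token}"}
```

Load the Client Secret from a secrets manager or environment variable rather than source code, and pass the returned header on each call to your region's Email DLP endpoint.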