dlp#

The following methods allow for interaction with the ZIA DLP Dictionary API endpoints.

Methods are accessible via zia.dlp

class DLPAPI#

Bases: object

add_dict(name, custom_phrase_match_type, dictionary_type, **kwargs)#

Add a new Patterns and Phrases DLP Dictionary to ZIA.

Parameters:

name (str) – The name of the DLP Dictionary.
match_type (str) – The DLP custom phrase/pattern match type. Accepted values are all or any.
**kwargs – Optional keyword args.

Keyword Arguments:

description (str) – Additional information about the DLP Dictionary.
phrases (list) –
A list of DLP phrases, with each phrase provided by a tuple following the convention (action, pattern). Accepted actions are all or unique. E.g.
```
('all', 'TOP SECRET')
('unique', 'COMMERCIAL-IN-CONFIDENCE')
```
patterns (list) –
A list of DLP patterns, with each pattern provided by a tuple following the convention (action, pattern). Accepted actions are all or unique. E.g.
```
('all', '\d{2} \d{3} \d{3} \d{3}')
('unique', '[A-Z]{6}[A-Z0-9]{2,5}')
```

Returns:

The newly created DLP Dictionary resource record.

Return type:

Box

Examples

Match text found that contains an IPv4 address using patterns:

>>> zia.dlp.add_dict(name='IPv4 Addresses',
...                description='Matches IPv4 address pattern.',
...                match_type='all',
...                patterns=[
...                    ('all', '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(/(\d|[1-2]\d|3[0-2]))?')
...                ]))

Match text found that contains government document caveats using phrases.

>>> zia.dlp.add_dict(name='Gov Document Caveats',
...                description='Matches government classification caveats.',
...                match_type='any',
...                phrases=[
...                    ('all', 'TOP SECRET'),
...                    ('all', 'SECRET'),
...                    ('all', 'CONFIDENTIAL')
...                ]))

Match text found that meets the criteria for a Secret Project’s document markings using phrases and patterns:

>>> zia.dlp.add_dict(name='Secret Project Documents',
...                description='Matches documents created for the Secret Project.',
...                match_type='any',
...                phrases=[
...                    ('all', 'Project Umbrella'),
...                    ('all', 'UMBRELLA')
...                ],
...                patterns=[
...                    ('unique', '\d{1,2}-\d{1,2}-[A-Z]{5}')
...                ]))

add_dlp_engine(name, engine_expression=None, custom_dlp_engine=None, description=None)#: Adds a new dlp engine. …

add_dlp_template(name, subject, **kwargs)#

Adds a new DLP notification template to ZIA.

Parameters:

name (str) – The name of the DLP notification template.
subject (str) – The subject line displayed within the DLP notification email.

Keyword Arguments:

attach_content (bool) – If true, the content in violation is attached to the DLP notification email.
plain_text_message (str) – Template for the plain text UTF-8 message body displayed in the DLP notification email.
html_message (str) – Template for the HTML message body displayed in the DLP notification email.

Returns:

The newly created DLP Notification Template resource record.

Return type:

Box

Examples

Create a new DLP Notification Template:

>>> zia.dlp.add_dlp_template(name="New DLP Template",
...                         subject="Alert: DLP Violation Detected",
...                         attach_content=True,
...                         plain_text_message="Text message content",
...                         html_message="<html><body>HTML message content</body></html>")

delete_dict(dict_id)#

Deletes the DLP Dictionary that matches the specified DLP Dictionary id.

Parameters:: dict_id (str) – The unique id for the DLP Dictionary.
Returns:: The status code for the operation.
Return type:: int

Examples

>>> zia.dlp.delete_dict('8')

delete_dlp_engine(engine_id)#

Deletes the specified dlp engine.

Parameters:: engine_id (str) – The unique identifier for the dlp engine.
Returns:: The status code for the operation.
Return type:: int

Examples

>>> zia.dlp.delete_dlp_engine('278454')

delete_dlp_template(template_id)#

Deletes the DLP Notification Template that matches the specified Template id.

Parameters:: template_id (str) – The unique id for the DLP Notification Template.
Returns:: The status code for the operation.
Return type:: int

Examples

>>> zia.dlp.delete_dlp_template(template_id=4370)

get_dict(dict_id)#

Returns the DLP Dictionary that matches the specified DLP Dictionary id.

Parameters:: dict_id (str) – The unique id for the DLP Dictionary.
Returns:: The ZIA DLP Dictionary resource record.
Return type:: Box

Examples

>>> pprint(zia.dlp.get_dict('3'))

get_dlp_engine_by_name(name)#

get_dlp_engines(engine_id)#

Returns the dlp engine details for a given DLP Engine.

Parameters:: engine_id (str) – The unique identifier for the DLP Engine.
Returns:: The DLP Engine resource record.
Return type:: Box

Examples

>>> engine = zia.dlp.get_dlp_engines('99999')

get_dlp_icap_by_name(name)#

get_dlp_icap_servers(icap_server_id)#

Returns the dlp icap server details for a given DLP ICAP Server.

Parameters:: icap_server_id (str) – The unique identifier for the DLP ICAP Server.
Returns:: The DLP ICAP Server resource record.
Return type:: Box

Examples

>>> icap = zia.dlp.get_dlp_icap_servers('99999')

get_dlp_idm_profile_by_name(profile_name)#

get_dlp_idm_profiles(profile_id)#

Returns the dlp idmp profile details for a given DLP IDM Profile.

Parameters:: icap_server_id (str) – The unique identifier for the DLP IDM Profile.
Returns:: The DLP IDM Profile resource record.
Return type:: Box

Examples

>>> idm = zia.dlp.get_dlp_idm_profiles('99999')

get_dlp_incident_receiver(receiver_id)#

Returns the dlp incident receiver details for a given DLP Incident Receiver.

Parameters:: receiver_id (str) – The unique identifier for the DLP Incident Receiver.
Returns:: The DLP Incident Receiver resource record.
Return type:: Box

Examples

>>> incident_receiver = zia.dlp.get_dlp_incident_receiver('99999')

get_dlp_incident_receiver_by_name(name)#

get_dlp_templates(template_id)#

Returns the dlp notification template details for a given DLP template.

Parameters:: template_id (int) – The unique identifer for the DLP notification template.
Returns:: The DLP template resource record.
Return type:: Box

Examples

>>> template = zia.dlp.get_dlp_templates('99999')

list_dicts(query=None)#

Returns a list of all custom and predefined ZIA DLP Dictionaries.

Parameters:: query (str) – A search string used to match against a DLP dictionary’s name or description attributes.
Returns:: A list containing ZIA DLP Dictionaries.
Return type:: BoxList

Examples

Print all dictionaries

>>> for dictionary in zia.dlp.list_dicts():
...    pprint(dictionary)

Print dictionaries that match the name or description ‘GDPR’

>>> pprint(zia.dlp.list_dicts('GDPR'))

list_dlp_engines(query=None)#

Returns the list of ZIA DLP Engines.

Parameters:: query (str) – A search string used to match against a DLP Engine’s name or description attributes.
Returns:: A list containing ZIA DLP Engines.
Return type:: BoxList

Examples

Print all dlp engines

>>> for dlp engines in zia.dlp.list_dlp_engines():
...    pprint(engine)

Print engines that match the name or description ‘GDPR’

>>> pprint(zia.dlp.list_dlp_engines('GDPR'))

list_dlp_icap_servers(query=None)#

Returns the list of ZIA DLP ICAP Servers.

Parameters:: query (str) – A search string used to match against a DLP icap server’s name or description attributes.
Returns:: A list containing ZIA DLP ICAP Servers.
Return type:: BoxList

Examples

Print all icap servers

>>> for dlp icap in zia.dlp.list_dlp_icap_servers():
...    pprint(icap)

Print icaps that match the name or description ‘ZS_ICAP’

>>> pprint(zia.dlp.list_dlp_icap_servers('ZS_ICAP'))

list_dlp_idm_profiles(query=None)#

Returns the list of ZIA DLP IDM Profiles.

Parameters:: query (str) – A search string used to match against a DLP IDM Profile’s name or description attributes.
Returns:: A list containing ZIA DLP IDM Profiles.
Return type:: BoxList

Examples

Print all idm profiles

>>> for dlp idm in zia.dlp.list_dlp_idm_profiles():
...    pprint(idm)

Print IDM profiles that match the name or description ‘IDM_PROFILE_TEMPLATE’

>>> pprint(zia.dlp.list_dlp_idm_profiles('IDM_PROFILE_TEMPLATE'))

list_dlp_incident_receiver(query=None)#

Returns the list of ZIA DLP Incident Receiver.

Parameters:: query (str) – A search string used to match against a DLP Incident Receiver’s name or description attributes.
Returns:: A list containing ZIA DLP Incident Receiver.
Return type:: BoxList

Examples

Print all incident receivers

>>> for dlp incident receiver in zia.dlp.list_dlp_incident_receiver():
...    pprint(receiver)

Print Incident Receiver that match the name or description ‘ZS_INC_RECEIVER_01’

>>> pprint(zia.dlp.list_dlp_incident_receiver('ZS_INC_RECEIVER_01'))

list_dlp_templates(query=None)#

Returns the list of ZIA DLP Notification Templates.

Parameters:: query (str) – A search string used to match against a DLP Engine’s name or description attributes.
Returns:: A list containing ZIA DLP Engines.
Return type:: BoxList

Examples

Print all dlp templates

>>> for dlp templates in zia.dlp.list_dlp_templates():
...    pprint(engine)

Print templates that match the name or description ‘Standard_Template’

>>> pprint(zia.dlp.list_dlp_templates('Standard_Template'))

update_dict(dict_id, **kwargs)#

Updates the specified DLP Dictionary.

Parameters:

dict_id (str) – The unique id of the DLP Dictionary.
**kwargs – Optional keyword args.

Keyword Arguments:

description (str) – Additional information about the DLP Dictionary.
match_type (str) – The DLP custom phrase/pattern match type. Accepted values are all or any.
name (str) – The name of the DLP Dictionary.
phrases (list) –
A list of DLP phrases, with each phrase provided by a tuple following the convention (action, pattern). Accepted actions are all or unique. E.g.
```
('all', 'TOP SECRET')
('unique', 'COMMERCIAL-IN-CONFIDENCE')
```
patterns (list) –
A list of DLP pattersn, with each pattern provided by a tuple following the convention (action, pattern). Accepted actions are all or unique. E.g.
```
('all', '\d{2} \d{3} \d{3} \d{3}')
('unique', '[A-Z]{6}[A-Z0-9]{2,5}')
```

Returns:

The updated DLP Dictionary resource record.

Return type:

Box

Examples

Update the name of a DLP Dictionary:

>>> zia.dlp.update_dict('3',
...                name='IPv4 and IPv6 Addresses')

Update the description and phrases for a DLP Dictionary.

>>> zia.dlp.update_dict('4',
...        description='Updated government caveats.'
...        phrases=[
...                    ('all', 'TOP SECRET'),
...                    ('all', 'SECRET'),
...                    ('all', 'PROTECTED')
...                ])

update_dlp_engine(engine_id, **kwargs)#

Updates an existing dlp engine.

Parameters:

engine_id (str) – The unique ID for the dlp engine that is being updated.
**kwargs – Optional keyword args.

Keyword Arguments:

name (str) – The order of the rule, defaults to adding rule to bottom of list.
description (str, optional) – The admin rank of the rule.
engine_expression (str, optional) – The logical expression defining a DLP engine by combining DLP dictionaries using logical operators: All (AND), Any (OR), Exclude (NOT), and Sum (total number of content matches).
custom_dlp_engine (bool, optional) – If true, indicates a custom DLP engine.
description – The DLP engine description.

Returns:

The updated dlp engine resource record.

Return type:

Box

Examples

Update the dlp engine:

>>> zia.dlp.add_dlp_engine(name='new_dlp_engine',
...    description='TT#1965432122',
...    engine_expression="((D63.S > 1))",
...    custom_dlp_engine=False)

Update a rule to enable custom dlp engine:

>>> zia.dlp.add_dlp_engine('976597',
...    custom_dlp_engine=True,
...    engine_expression="((D63.S > 1))",
...    description="TT#1965232866")

update_dlp_template(template_id, **kwargs)#

Updates the specified DLP Notification Template.

Parameters:

template_id (str) – The unique identifier for the DLP notification template.

Keyword Arguments:

name (str) – The new name of the DLP notification template.
subject (str) – The new subject line for the DLP notification email.
attach_content (bool) – If true, updates the setting for attaching content in violation.
plain_text_message (str) – New template for the plain text UTF-8 message body.
html_message (str) – New template for the HTML message body.
tls_enabled (bool) – If true, enables TLS for the notification template.

Returns:

The updated DLP Notification Template resource record.

Return type:

Box

Examples

Update the name of a DLP Notification Template:

>>> zia.dlp.update_dlp_template(template_id=4370,,
...                tls_enabled=True)

Update the description and phrases for a DLP Dictionary.

>>> zia.dlp.update_dlp_template(template_id=4370,
...        name='Standard DLP Template',
...        tls_enabled=False,
...        attach_content=False)

validate_dict(pattern)#

Validates the provided pattern for usage in a DLP Dictionary.

Note: The ZIA API documentation doesn’t provide information on how to structure a request for this API endpoint.: This endpoint is returning a valid response but validation isn’t failing for obvious wrong patterns. Use at own risk.

Parameters:: pattern (str) – DLP Pattern for evaluation.
Returns:: Information on the provided pattern.
Return type:: Box