post https://YOUR-AGENT-URL.symphony.com/agent/v3/dlp/policies
Available on Agent 2.1.4 and above. See the SBE x Agent compatibilities for more details about the minimal requirements.
Creates a new policy with dictionary references.
After you create a policy, call Enable Policy to start enforcing the policy.
AppliesTo
Configuration applies to policy
Field | Type | Required | Description |
---|---|---|---|
dataType | string | Yes | The list of data types that policy should apply to. Can't be empty. Can be ["Messages","RoomMeta", "SignalMeta", "FileContent", "FileMeta"]. |
action | string | Yes | Action to be taken on violation detection. Can be ["Block", "Warn", "LogOnly"]. The default is "LogOnly". |
rules | rules array_object See Rules | Yes | A Rule defines the actual matching specification for policies. It holds a type and a configuration for the rule, these properties should be used to build the corresponding matching implementation. Only one of the configuration property should be set [textMatchConfig, fileSizeConfig, fileExtensionConfig, filePasswordConfig, fileClassifierConfig]. |
Rules
Configuration for rules
Field | Type | Required | Description |
---|---|---|---|
type | string | Yes | Type of a rule used by policy. Can be [" "TEXT_MATCH", "FILE_EXTENSION", "FILE_SIZE", "FILE_PASSWORD", "FILE_CLASSIFIER"]. |
name | string | Yes | Name for rule. |
textMatchConfig | object | Only one of the configuration property should be set [textMatchConfig, fileExtensionConfig, filePasswordConfig]. | This is a configuration that can be used to match text or regex. Configuration that can be used by a rule. This is a configuration that can be used to match text or regex. This configuration also corresponds to V2 TextMatch/RegexMatch of dictionaries. See TextMatchConfig |
filePasswordConfig | object | Only one of the configuration property should be set [textMatchConfig, fileExtensionConfig, filePasswordConfig]. | Password protected detection config for files that are password protected or not. |
fileExtensionConfig | object | Only one of the configuration property should be set [textMatchConfig, fileExtensionConfig, filePasswordConfig]. | Extension detection config for allowed and blocked types of file extensions. |
TextMatchConfig
Field | Type | Required | Description |
---|---|---|---|
dictionaries | array_object see DictionaryMeta | Yes | List of dictionaries to apply in config. See DictionaryMeta |
countUniqueOccurrences | string | Yes | Count of unique occurrences to be matched. |
applicableFileTypes | array_string | File types must be applied only for rule type "FileContent", otherwise must be empty. | Can be ["PDF", "WORD", "EXCEL", "POWERPOINT", "ZIP", "CSV", "TXT"]. |
DictionaryMeta
Field | Type | Required | Description |
---|---|---|---|
dictId | string | Yes | Unique dictionary identifier. |
name | string | Yes | Dictionary version. |
version | string | Yes | Dictionary name. |
FileClassifierConfig
Field | Type | Required | Description |
---|---|---|---|
classifiers | Map<String, String> | Yes | Classifier is defined as a Key and its Value: e.g.: "classification": "Internal". Name and value can contain UTF-8 characters. Neither the name nor value cannot be left empty. Maximum 30 characters for the name and value, case insensitive. If files contains k-v pairs in the classifers map, it means a match. Maximum 30 classifiers per policy. |
applicableFileTypes | array_string | Yes | File types that can be applied. Can be ["PDF", "WORD", "EXCEL", "POWERPOINT", "ZIP", "CSV", "TXT"]. |
FilePasswordConfig
Password protected detection config for files that are password protected or not.
Field | Type | Required | Description |
---|---|---|---|
applicableFileTypes | array_string | Yes | File types that can be applied. Can be ["PDF", "WORD", "EXCEL", "POWERPOINT", "ZIP", "CSV", "TXT"]. |
matchCriteria | array_string | Yes | Based on the criteria, whether a file is password protected or not means a match.Can be ["PASSWORD_PROTECTED". "NOT_PASSWORD_PROTECTED"]. The default is "NOT_PASSWORD_PROTECTED". |
Required Permissions
Calling this endpoint requires a Service User Account set with the Expression Filter Policy Management role. For more information about Service User accounts and their roles, see the Symphony Administration Guide.
See Bot Permissions for a list of roles and associated privileges.