Fortinet black logo

Online Help

Home FortiCASB 23.4.a Online Help
23.4.a
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0

Get Threat Protection Policy List

Get Threat Protection Policy List

Description

Return all FortiCASB Threat Protection Policies and details of the specified cloud service account.

URL

/api/v1/policy/tpList

Method: Get

Request Headers

Key

Value

Type

Description
Authorization Bearer <Authorization Token> String Authorization credential generated by FortiCASB
Content-Type application/json String

buId

<Business Unit ID>

Long

The targeted business unit ID on FortiCASB. Business unit ID can be obtained through . Alternatively, it can also be obtained from the REST API Get Resource Map

service

<Salesforce>

String

Cloud service account
companyId <Company ID> Integer Company ID of which the business unit is under, can be obtained through Get Resource Map.

Sample Request

Request URL

GET https://www.forticasb.com/api/v1/policy/tplist

Request Header

Authorization: Bearer <Authorization_Token>

Content-Type: application/json

buid: 6384

service: Office365

companyId: 62598

Response Variables

Name

Type

Description
name String Threat Protection Policy name
policyCategory String Category of the policy
policyId String Policy Id for identifying the policy

Sample Response

[

{

"policyId": 179,

"name": "Excessive Login Failures",

"service": "OFFICE365",

"description": "Alert when failed logins for a user exceeds threshold",

"type": "Access",

"severity": "Alert",

"enable": true,

"threshold": 1,

"interval": 2,

"alert": true,

"lastUpdatedBy": "",

"lastUpdated": 1696375132181,

"enableWorkflow": true,

"operatorType": "trigger",

"workflowSubject": "Policy '%s' added to workflow",

"workflowMessage": "Policy '%s' was added to your workflow. You will be notified when the alert's status changes.",

"enableEmail": false,

"emailSubject": "%s Alert",

"emailMessage": "An event matched '%s'. Please verify sensitive information is not exposed.",

"policyCategory": "Threat protection",

"regexPattern": ".*",

"receivers": [],

"vi": {

"velocity": true,

"vs": 0,

"vd": 0

},

"object": {

"nameMatch": true,

"extension": true,

"contextMatch": false,

"objSize": false,

"objNum": false,

"mFile": [],

"mContext": ".*",

"sizeThreshold": 10.0,

"zipThreshold": 0.0,

"numThreshold": 50,

"size": [],

"num": []

},

"isSelectAllEvents": false,

"isSelectAllUsers": false,

"dataPatterns": [],

"enableActivityMatching": false,

"enableContentMatching": false,

"allDatapattern": false,

"policyCode": "FC-ACT-001",

"storageConfig": {},

"enableCreatorEmail": false

}

]

Previous
Next

Get Threat Protection Policy List

Description

Return all FortiCASB Threat Protection Policies and details of the specified cloud service account.

URL

/api/v1/policy/tpList

Method: Get

Request Headers

Key

Value

Type

Description
Authorization Bearer <Authorization Token> String Authorization credential generated by FortiCASB
Content-Type application/json String

buId

<Business Unit ID>

Long

The targeted business unit ID on FortiCASB. Business unit ID can be obtained through . Alternatively, it can also be obtained from the REST API Get Resource Map

service

<Salesforce>

String

Cloud service account
companyId <Company ID> Integer Company ID of which the business unit is under, can be obtained through Get Resource Map.

Sample Request

Request URL

GET https://www.forticasb.com/api/v1/policy/tplist

Request Header

Authorization: Bearer <Authorization_Token>

Content-Type: application/json

buid: 6384

service: Office365

companyId: 62598

Response Variables

Name

Type

Description
name String Threat Protection Policy name
policyCategory String Category of the policy
policyId String Policy Id for identifying the policy

Sample Response

[

{

"policyId": 179,

"name": "Excessive Login Failures",

"service": "OFFICE365",

"description": "Alert when failed logins for a user exceeds threshold",

"type": "Access",

"severity": "Alert",

"enable": true,

"threshold": 1,

"interval": 2,

"alert": true,

"lastUpdatedBy": "",

"lastUpdated": 1696375132181,

"enableWorkflow": true,

"operatorType": "trigger",

"workflowSubject": "Policy '%s' added to workflow",

"workflowMessage": "Policy '%s' was added to your workflow. You will be notified when the alert's status changes.",

"enableEmail": false,

"emailSubject": "%s Alert",

"emailMessage": "An event matched '%s'. Please verify sensitive information is not exposed.",

"policyCategory": "Threat protection",

"regexPattern": ".*",

"receivers": [],

"vi": {

"velocity": true,

"vs": 0,

"vd": 0

},

"object": {

"nameMatch": true,

"extension": true,

"contextMatch": false,

"objSize": false,

"objNum": false,

"mFile": [],

"mContext": ".*",

"sizeThreshold": 10.0,

"zipThreshold": 0.0,

"numThreshold": 50,

"size": [],

"num": []

},

"isSelectAllEvents": false,

"isSelectAllUsers": false,

"dataPatterns": [],

"enableActivityMatching": false,

"enableContentMatching": false,

"allDatapattern": false,

"policyCode": "FC-ACT-001",

"storageConfig": {},

"enableCreatorEmail": false

}

]

Previous
Next