Symphony Messaging REST APIs
  • Symphony Messaging API Reference documentation
  • Endpoints Reference
    • Bots Authentication
      • Session Authenticate
      • Key Manager Authenticate
      • Session Authenticate (Cert)
      • Key Manager Authenticate (Cert)
      • Session Logout
      • Key Manager Logout
    • Apps Authentication
      • Authenticate App
      • Pod Certificate
    • Apps On Behalf Of (OBO)
      • API Endpoints for Apps
      • App Authentication
      • User Authentication by User ID
      • User Authentication by User Name
    • Info - Health Check
      • Health Check
      • Health Check Extended
      • Session User
      • Agent Info
      • Echo
    • Messages
      • Get Messages
      • Create Message
      • Blast Message
      • Attachment
      • Import Message
      • Update Message
      • Suppress Message
      • Message Search
      • Message Search
      • Message Status
      • Attachment Types
      • Get Message
      • List Attachments
      • List Message Receipts
      • Message Metadata
    • Datafeed - Real Time Events
      • Create Datafeed
      • Read Datafeed
      • List Datafeed
      • Delete Datafeed
    • Datahose - Pod Real Time Events
      • Datahose - Read Events
    • Streams - Conversations
      • Related to IMs
        • Create IM
        • Create IM non-inclusive
        • Update IM
        • IM Info
      • Related to Rooms
        • Room Attributes
        • Create Room
        • Update Room
        • Room Info
        • De/Re-activate Room
        • Room Members
        • Add Member
        • Remove Member
        • Promote Owner
        • Demote Owner
        • Search Rooms
      • All streams
        • Share Content
        • List User Streams
        • List User Streams (Admin)
        • Stream Info
        • List Streams for Enterprise
        • Stream Members
    • Signals
      • List Signals
      • Get Signal
      • Create Signal
      • Update Signal
      • Delete Signal
      • Subscribe Signal
      • Unsubscribe Signal
      • Suscribers
      • Signal Object
    • Connections
      • Get Connection
      • List Connection
      • Create Connection
      • Accept Connection
      • Reject Connection
      • Remove Connection
    • Presence
      • Get Presence
      • Get All Presence
      • Get User Presence
      • External Presence Interest
      • Set Presence
      • Set Other User's Presence - Admin
    • Users
      • Users Lookup
      • Search Users
      • Follow User
      • Unfollow User
      • List User Followers
      • List Users Followed
    • User Management
      • User Attributes Object
      • Password Object
      • Roles Object
      • UserKeyRequest Object
      • Get User
      • List Users
      • Create User
      • Update User
      • User Avatar
      • Update User Avatar
      • User Status
      • Update User Status
      • List Features
      • User Features
      • Update User Features
      • Find Users
      • List Roles
      • Add Role
      • Remove Role
      • List Audit Trail
      • Suspend User Account
      • Get Bot Manifest
      • Update Bot Manifest
    • User Sessions
      • List Sessions
      • Logout Session
      • Logout All Sessions
    • Groups - Distribution Lists
      • OAuth2 Authenticate
      • Add a new user to an existing group
      • Insert a new group
      • Retrieve a group
      • Update a group
      • List all groups of specified type
      • Update the group avatar
    • URI Protocols
      • Create Protocol
      • List Protocols
      • Delete Protocol
    • Manage Apps
      • Create App
      • Update App
      • Delete App
      • Get App
    • Apps Entitlements
      • List Apps
      • Update App Entitlements
      • List User Apps
      • Update User Apps
      • Update All User Apps
    • Disclaimers
      • Disclaimer
      • List Disclaimers
      • List Disclaimer Users
      • User Disclaimer
      • Update User Disclaimer
      • Unassign User Disclaimer
    • Delegates
      • User Delegates
      • Update User Delegates
    • Information Barrier Groups
      • List IB Groups
      • List IB Group Members
      • Add IB Group Members
      • Remove IB Group Members
      • List Policies
    • Certificates
      • Public (Signing) Certificate
      • List Company Certificates
      • Create Company Certificate
      • Delete Company Certificate
      • Company Certificate Details
      • List Verified Certificates
      • List Trusted Certificates
      • List Certificate Types
      • Update Company Certificate
    • Malware Scanner
      • Malware Scanner APIs
        • File Malware Scanner State
        • Update File Malware Scanner State
      • Customer Malware Scanner APIs
        • Malware Scanner Health
        • File Malware Scanner
    • DLP Dictionary & Policy Management
      • Overview
      • Dictionary Management endpoints
        • Create Dictionary
        • All Dictionaries
        • Specific Dictionary
        • Update Dictionary
        • Upload Dictionary Content
        • Download Dictionary Content
        • Delete Dictionary
      • V3 Policy Management endpoints
        • V3 Policy structure for Create/Update
        • V3 Create Policy
        • V3 All Policies
        • V3 Get Policy
        • V3 Update Policy
        • V3 Enable Policy
        • V3 Disable Policy
        • V3 Delete Policy
      • V3 Violations endpoints
        • V3 Violations - Sample Responses
        • V3 Violations - Special Scenarios of Attachments
        • V3 Message Violations
        • V3 Signal Violations
        • V3 Stream Violations
        • V3 Violation Attachment Download
    • Audit Trail 2
      • OAuth2 Authenticate
      • Get Audit trails
      • Get distinct values of a list of filters
      • Get Audit Trail Stream
      • Get categories permissions
    • Compliance Barrier Groups
      • Compliance Group Types
      • Compliance User Groups
        • List Compliance User Groups
        • Get a Compliance User Group
        • Create a Compliance User Group
        • Update a Compliance User Group
      • Compliance Group Assignments
        • List Assignments
        • List Compliance Group Assignments
        • Update a Compliance Group
      • Compliance Group Memberships
        • List Memberships
        • List Compliance Group Memberships
        • Add Compliance Group Membership
        • Update a User Membership
  • Deprecated Endpoints
    • DLP Dictionary and Policy management
      • V2 Policy Management endpoints
        • V2 Create Policy
        • V2 All Policies
        • V2 Get Policy
        • V2 Update Policy
        • V2 Enable Policy
        • V2 Disable Policy
        • V2 Delete Policy
      • V2 Violations endpoints
        • V2 Signal Violations
        • V2 Message Violations
        • V2 Stream Violations
    • Create Presence Feed
    • Read Presence Feed
    • Delete Presence Feed
    • Get Message IDs by Timestamp
    • Health Check v2
    • Datafeed 1
      • Create Datafeed 1
      • Read Datafeed 1
Powered by GitBook
On this page
  • Overview:
  • API Description and Sample Responses
  • EFv3 Endpoints:
  • Key Parameters
  • Key Headers
  • Sample Responses
  • Encryption and Authorization:

Was this helpful?

  1. Endpoints Reference
  2. DLP Dictionary & Policy Management

V3 Violations endpoints

Last updated 4 months ago

Was this helpful?

Overview:

The Violations endpoints enable you to get violations of messages, signals, and streams. Use these endpoints to retrieve Expression Filtering v3 (EFv3) violations.

V3 Violations endpoints are only available in some of our customer environments. To know if these endpoints are available to you, please check with your Technical Account Manager or your usual contact point at Symphony.

  • Message Violations: A Block or warning that happens when sending messages with terms that match the violation policy. EFv3 provides DLP enforcement on the content (except mentions) of IMs, MIMs, chat rooms, wall posts, shared signals, posts on behalf of, shared wall posts, shared articles, blasts, forwards and replies. In addition, administrators can configure EFv3 policies that will enforce DLP on the content of attachments and certain metadata of attachments. The metadata that can be enforced in EFv3 are size (e.g. 3 Mb limit), classification tags, password protection and attachment type (file extension, e.g .txt files). For more information on creating and updating EFv3 policies please view the documentation for .

  • Signal Violations: A Block or warning that happens when creating or updating signals with terms that match the violation policy. For signals, only the signal name is analyzed. Note that if a signal created before enabling DLP contains violations, DLP will block the signal when trying to “push signal”.

  • Stream Violations: A Block or warning that happens when creating or updating rooms with terms that match the violation policy. For streams, the DLP analyses the name and description of internal and external rooms.

When EFv3 is enabled, Symphony may block or warn the user from sending a message, creating or updating rooms or signals if any of the terms used by the user match the terms in a policy. Any message that matches a term from a policy will be recorded.

  • If the policy action is "block", the user cannot send the message, create or update the room or signal.

  • If the policy action is "warn", the user can ignore the warning (and send the content) or edit the content

Additionally, the policy action could be set to "log-only". If the message action is set to "log-only", DLP does not block the content but a violation is generated. In this case, the end-user will not be affected but a corresponding violation will be saved so that users of these violation endpoints can view all information regarding the action.

Agent configuration flag required: Customers which pod is deployed on GCP are required to configure their Agent with the flag agent.dlp.violationSource set to "audit", in order to be able to use the DLP APIs. This flag is only supported for Agent version 24.9 and later. For more information, please contact your Symphony Technical Account Manager or the support team.

API Description and Sample Responses

EFv3 Endpoints:

📘 Attachment Related Violations

Violations that occur for attachment content or metadata will be queryable through the Messages endpoint

Key Parameters

  • Time range of violations - startTime, endTime.

  • Number of violations in each request - limit (max is 500). If limit is not set, the maximum of 50 violations will be returned and the nextOffset parameter will be empty. The nextOffset parameter only returns a value when the response reaches more than 50 violations.

  • Next offset for next chunk - next (the value is null for the first request).

Key Headers

Sample Responses

For more information and examples of message and attachment violations, refer to:

🚧 Migrating from older versions of DLP

If you are migrating from an older version of DLP (EFv1 or EFv2), please keep in mind that violations that occurred with any older versions will not be accessible through these endpoints. Only EFv3 violations can be queried through EFv3 violations endpoints. You will need to use the older violation endpoints to retrieve EFv1 or EFv2 violations.

Once EFv3 is enabled, EFv2 violations will no longer be generated.

Encryption and Authorization:

Message content and violation details for EFv3 violations are encrypted using a special key referred to as the DLP_CRYPTO_KEY. Only users with specific roles can access this key to decrypt the message content and violation details. The roles that have access to this key are:

  • CONTENT_EXPORT_SERVICE

  • EF_POLICY_MANAGEMENT

  • SUPER_ADMINISTRATOR

  • SUPER_COMPLIANCE_OFFICER

The Content Export service user must be used to download attachments. No other service accounts are able to perform this operation.

• Stream metadata - https://agent/v3/dlp/violations/stream/?startTime=1504234983000&endTime=1504237983000&limit=100&next=

• Signal names and rules - https://agent/v3/dlp/violations/signal/?startTime=1504234983000&endTime=1504237983000&limit=100&next=

• Messages - https://agent/v3/dlp/violations/message/?startTime=1504234983000&endTime=1504237983000&limit=100&next=

The fileId of the attachment and messageId of the message that triggered the DLP policy are included in the violation. You can use these two parameters in the to download the actual attachment

Session token obtained from endpoint - sessionToken.

Key manager token obtained from endpoint - keyManagerToken.

Please, visit the for more details.

. .

For more information about Service User accounts and their roles, see the .

V3 Policy Management endpoints
Details here
Details here
Details here
download attachment endpoint
Session Authenticate
Key Manager Authenticate
Swagger API definition
Sample responses
Special Scenarios of Attachment Violations
Symphony Administration Guide