Palo Alto Networks · Capability

Palo Alto Networks Data Protection

Unified data protection capability for managing DLP incidents, email DLP events, SaaS security incidents and assets, and SaaS security posture checks across Enterprise DLP, Email DLP, SaaS Security, and SSPM APIs.

Run with Naftiko Palo Alto NetworksData ProtectionDLPSaaS SecuritySSPMIdentity Security Posture

What You Can Do

GET
List dlp incidents — List DLP incidents with optional filters.
/v1/dlp-incidents
GET
Get dlp incident — Retrieve a specific DLP incident by ID.
/v1/dlp-incidents/{incident_id}
PUT
Update dlp incident — Update a DLP incident.
/v1/dlp-incidents/{incident_id}
GET
Get dlp snippets — Get data snippets for a specific DLP incident.
/v1/dlp-incidents/{incident_id}/snippets
GET
List data patterns — List available data patterns.
/v1/data-patterns
GET
Get data pattern — Retrieve a specific data pattern by ID.
/v1/data-patterns/{pattern_id}
GET
Get dlp report summary — Get a DLP summary report for a given time range.
/v1/dlp-reports/summary
GET
List email incidents — List email DLP incidents with optional filters.
/v1/email-incidents
GET
Get email incident — Retrieve a specific email DLP incident by ID.
/v1/email-incidents/{incident_id}
PUT
Update email verdict — Update the verdict for an email DLP incident.
/v1/email-incidents/{incident_id}/verdict
GET
Get email attachments — Get attachments for a specific email DLP incident.
/v1/email-incidents/{incident_id}/attachments
GET
Get email recipients — Get recipients for a specific email DLP incident.
/v1/email-incidents/{incident_id}/recipients
GET
List saas incidents — List SaaS security incidents with optional filters.
/v1/saas-incidents
GET
Get saas incident — Retrieve details for a specific SaaS security incident.
/v1/saas-incidents/{incident_id}
PUT
Update saas incident — Update a specific SaaS security incident.
/v1/saas-incidents/{incident_id}
GET
List saas assets — Retrieve a list of monitored SaaS assets.
/v1/saas-assets
GET
Get saas asset — Retrieve details for a specific SaaS asset.
/v1/saas-assets/{asset_id}
GET
List saas applications — Retrieve a list of connected SaaS applications.
/v1/saas-applications
GET
List saas users — Retrieve a list of users across SaaS applications.
/v1/saas-users
GET
Get user activities — Retrieve activity log for a specific user.
/v1/saas-users/{user_id}/activities
GET
Get log forwarding settings — Retrieve log forwarding configuration settings.
/v1/log-forwarding-settings
GET
List onboarded apps — List all onboarded SaaS applications.
/v1/sspm-apps
POST
Onboard app — Onboard a new SaaS application.
/v1/sspm-apps
DELETE
Remove app — Remove an onboarded SaaS application.
/v1/sspm-apps/{app_id}
GET
List posture checks — List posture checks with optional filters.
/v1/posture-checks
GET
Get posture check — Get a specific posture check by ID.
/v1/posture-checks/{check_id}
PUT
Update posture check status — Update the status of a posture check.
/v1/posture-checks/{check_id}/status
GET
List app catalog — List available applications in the catalog.
/v1/sspm-app-catalog
GET
List jira integrations — List all Jira integrations.
/v1/jira-integrations
POST
Create jira integration — Create a new Jira integration.
/v1/jira-integrations

MCP Tools

list-dlp-incidents

List DLP incidents with optional filters for severity and status.

read-only idempotent
get-dlp-incident

Retrieve a specific DLP incident by ID.

read-only idempotent
update-dlp-incident

Update a DLP incident status or assignee.

idempotent
get-dlp-snippets

Get data snippets for a specific DLP incident.

read-only idempotent
list-data-patterns

List available DLP data patterns.

read-only idempotent
get-data-pattern

Retrieve a specific DLP data pattern by ID.

read-only idempotent
get-dlp-report-summary

Get a DLP summary report for a given time range.

read-only idempotent
list-email-incidents

List email DLP incidents with optional filters.

read-only idempotent
get-email-incident

Retrieve a specific email DLP incident by ID.

read-only idempotent
update-email-verdict

Update the verdict for an email DLP incident.

idempotent
get-email-attachments

Get attachments for a specific email DLP incident.

read-only idempotent
get-email-recipients

Get recipients for a specific email DLP incident.

read-only idempotent
list-saas-incidents

Retrieve a list of SaaS security incidents.

read-only idempotent
get-saas-incident

Retrieve details for a specific SaaS security incident.

read-only idempotent
update-saas-incident

Update a specific SaaS security incident.

idempotent
list-saas-assets

Retrieve a list of monitored SaaS assets.

read-only idempotent
get-saas-asset

Retrieve details for a specific SaaS asset.

read-only idempotent
list-saas-applications

Retrieve a list of connected SaaS applications.

read-only idempotent
list-saas-users

Retrieve a list of users across SaaS applications.

read-only idempotent
get-user-activities

Retrieve activity log for a specific user.

read-only idempotent
get-log-forwarding-settings

Retrieve log forwarding configuration settings.

read-only idempotent
list-onboarded-apps

List all onboarded SaaS applications in SSPM.

read-only idempotent
onboard-app

Onboard a new SaaS application in SSPM.

remove-app

Remove an onboarded SaaS application from SSPM.

idempotent
list-posture-checks

List SSPM posture checks with optional filters.

read-only idempotent
get-posture-check

Get a specific SSPM posture check by ID.

read-only idempotent
update-posture-check-status

Update the status of an SSPM posture check.

idempotent
list-app-catalog

List available applications in the SSPM catalog.

read-only idempotent
list-jira-integrations

List all SSPM Jira integrations.

read-only idempotent
create-jira-integration

Create a new Jira integration for SSPM.

Who This Is For

👤
Data Protection Analyst
Investigates DLP incidents and manages sensitive data protection policies.

APIs Used

dlp email-dlp saas-security sspm identity-security-posture