casb_malware_rules

The following methods allow for interaction with the ZIA Casb Malware Rules API endpoints.

Methods are accessible via zia.casb_malware_rules

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class CasbMalwareRulesAPI

Bases: APIClient

add_rule(**kwargs)

Adds a new casb malware rule.

Parameters:

name (str) – Name of the rule.

Keyword Arguments:
  • order (str) – The order of the rule, defaults to adding rule to bottom of list

  • enabled (bool) – The rule state

  • type (str) –

    The type of the rule (e.g., “OFLCASB_AVP_ITSM”).

    Supported Values: ANY, NONE, OFLCASB_AVP_FILE, OFLCASB_AVP_EMAIL, OFLCASB_AVP_CRM, OFLCASB_AVP_ITSM, OFLCASB_AVP_COLLAB, OFLCASB_AVP_REPO, OFLCASB_AVP_STORAGE, OFLCASB_AVP_GENAI

  • cloud_app_tenant_ids (list) – The list of cloud application tenants IDs for which the rule is applied

  • bucket_ids (list) – The list of buckets IDs for the Zscaler service to inspect for sensitive data

  • labels (list) – The list of label IDs that this rule applies to

  • casb_email_label (dict) – Name-ID of the email label associated with the rule

  • casb_tombstone_template (dict) – Name-ID of the quarantine tombstone template associated with the rule

Returns:

New casb malware rule resource.

Return type:

Tuple

Examples

Add a casb malware rule of type OFLCASB_AVP_REPO:

>>> added_rule, _, error = client.zia.casb_malware_rules.add_rule(
...     name='GitLab_Tenant01',
...     type="OFLCASB_AVP_REPO",
...     action="OFLCASB_AVP_REPORT_MALWARE",
...     enabled=True,
...     order=1,
...     cloud_app_tenant_ids=[15881081],
...     labels=[1441065],
...     bucket_ids=[1442271, 1442270, 1442268, 1442269, 1442272],
... )
>>> if error:
...     print(f"Error adding rule: {error}")
... else:
...     print(f"Rule added successfully: {added_rule.as_dict()}")

delete_rule(rule_type, rule_id)

Deletes the specified casb malware rule.

Parameters:
  • rule_id (int) – The unique identifier for the Casb Malware Rules.

  • rule_type (str) –

    The type of the rule (e.g., “OFLCASB_AVP_ITSM”).

    Supported Values: ANY, NONE, OFLCASB_AVP_FILE, OFLCASB_AVP_EMAIL, OFLCASB_AVP_CRM, OFLCASB_AVP_ITSM, OFLCASB_AVP_COLLAB, OFLCASB_AVP_REPO, OFLCASB_AVP_STORAGE, OFLCASB_AVP_GENAI

Returns:

The status code for the operation.

Return type:

int

Examples

>>> _, _, error = client.zia.casb_malware_rules.delete_rule(
...     rule_type='OFLCASB_AVP_REPO',
...     rule_id='1072324'
... )
>>> if error:
...     print(f"Error deleting rule: {error}")
... else:
...     print("Rule with ID 1072324 deleted successfully.")

get_rule(rule_id, rule_type)

Returns information for the specified casb malware rule under the specified rule type.

Parameters:
  • rule_id (str) – The unique identifier for the casb malware rule.

  • rule_type (str) –

    The type of the rule (e.g., “OFLCASB_AVP_ITSM”).

    Supported Values: ANY, NONE, OFLCASB_AVP_FILE, OFLCASB_AVP_EMAIL, OFLCASB_AVP_CRM, OFLCASB_AVP_ITSM, OFLCASB_AVP_COLLAB, OFLCASB_AVP_REPO, OFLCASB_AVP_STORAGE, OFLCASB_AVP_GENAI

Returns:

The resource record for the casb malware rule.

Return type:

Tuple

Examples

Get a specific rule by ID and type:

>>> fetched_rule, _, error = client.zia.casb_malware_rules.get_rule(
...     rule_type='OFLCASB_AVP_REPO',
...     rule_id='1072401',
... )
>>> if error:
...     print(f"Error fetching rule by ID: {error}")
... else:
...     print(f"Fetched rule by ID: {fetched_rule.as_dict()}")

list_all_rules()

Returns a list of all Casb Malware Rules.

Parameters:

N/A

Returns:

The list of all Casb Malware Rules.

Return type:

tuple

Examples

List all casb malware rules:

>>> rules_list, _, error = client.zia.casb_malware_rules.list_all_rules()
>>> if error:
...     print(f"Error listing all casb malware rules: {error}")
... else:
...     print(f"Total rules found: {len(rules_list)}")
...     for rule in rules_list:
...         print(rule.as_dict())

list_rules(query_params=None)

Returns a list of all Casb Malware Rules for the specified rule type.

Parameters:

query_params (dict) – Map of query parameters for the request.

  • search (str) – Search string for filtering results.

  • rule_type (str) –

    The type of rules to retrieve (e.g., “OFLCASB_AVP_ITSM”).

    Supported Values: ANY, NONE, OFLCASB_AVP_FILE, OFLCASB_AVP_EMAIL, OFLCASB_AVP_CRM, OFLCASB_AVP_ITSM, OFLCASB_AVP_COLLAB, OFLCASB_AVP_REPO, OFLCASB_AVP_STORAGE, OFLCASB_AVP_GENAI

Returns:

The list of Casb Malware Rules.

Return type:

tuple

Examples

List all rules for a specific type:

>>> rules_list, _, error = client.zia.casb_malware_rules.list_rules(
... query_params={'rule_type': 'OFLCASB_AVP_REPO'})
>>> if error:
...     print(f"Error listing casb malware rules: {error}")
... else:
...     print(f"Total rules found: {len(rules_list)}")
...     for rule in rules_list:
...         print(rule.as_dict())

update_rule(rule_id, **kwargs)

Updates an existing casb malware rule.

Parameters:

name (str) – Name of the rule.

Keyword Arguments:
  • order (str) – The order of the rule, defaults to adding rule to bottom of list

  • enabled (bool) – The rule state

  • type (str) –

    The type of the rule (e.g., “OFLCASB_AVP_ITSM”).

    Supported Values: ANY, NONE, OFLCASB_AVP_FILE, OFLCASB_AVP_EMAIL, OFLCASB_AVP_CRM, OFLCASB_AVP_ITSM, OFLCASB_AVP_COLLAB, OFLCASB_AVP_REPO, OFLCASB_AVP_STORAGE, OFLCASB_AVP_GENAI

  • cloud_app_tenant_ids (list) – The list of cloud application tenants IDs for which the rule is applied

  • bucket_ids (list) – The list of buckets IDs for the Zscaler service to inspect for sensitive data

  • labels (list) – The list of label IDs that this rule applies to

  • casb_email_label (dict) – Name-ID of the email label associated with the rule

  • casb_tombstone_template (dict) – Name-ID of the quarantine tombstone template associated with the rule

Returns:

The updated casb malware rule resource.

Return type:

Tuple

Examples

Update an existing casb malware rule of type OFLCASB_AVP_REPO:

>>> updated_rule, _, error = client.zia.casb_malware_rules.update_rule(
...     rule_id='1072324',
...     name='GitLab_Tenant01',
...     type="OFLCASB_AVP_REPO",
...     action="OFLCASB_AVP_REPORT_MALWARE",
...     enabled=True,
...     order=1,
...     cloud_app_tenant_ids=[15881081],
...     labels=[1441065],
...     bucket_ids=[1442271, 1442270, 1442268, 1442269, 1442272],
... )
>>> if error:
...     print(f"Error updating rule: {error}")
... else:
...     print(f"Rule updated successfully: {updated_rule.as_dict()}")
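
An added example (not part of the Zscaler SDK or its documentation): a coverage audit built on list_rules as documented above, reporting disabled rules and tenants that no enabled malware rule covers. StubRule, StubRules, audit_malware_rules, the tenant IDs and the snake_case keys assumed in as_dict() output (mirroring the keyword arguments above) are constructed for illustration; with a real client, pass client.zia.casb_malware_rules as rules_api.

```python
# Added example. Assumption: rule.as_dict() exposes snake_case keys matching
# the documented keyword arguments (name, enabled, cloud_app_tenant_ids).
RULE_TYPES = ["OFLCASB_AVP_FILE", "OFLCASB_AVP_EMAIL", "OFLCASB_AVP_REPO"]


def audit_malware_rules(rules_api, expected_tenants, rule_types=RULE_TYPES):
    """Return (disabled_rule_names, uncovered_tenant_ids, errors)."""
    disabled, covered, errors = [], set(), []
    for rule_type in rule_types:
        rules, _, error = rules_api.list_rules(query_params={"rule_type": rule_type})
        if error:
            # Record and continue: a failed listing must not read as "no gaps".
            errors.append((rule_type, str(error)))
            continue
        for rule in rules or []:
            data = rule.as_dict()
            if not data.get("enabled"):
                disabled.append(data.get("name"))
                continue  # a disabled rule protects nothing
            covered.update(data.get("cloud_app_tenant_ids") or [])
    return sorted(disabled), sorted(set(expected_tenants) - covered), errors


class StubRule:  # constructed stand-in for an SDK rule object
    def __init__(self, **fields):
        self.fields = fields

    def as_dict(self):
        return dict(self.fields)


class StubRules:  # constructed stand-in for client.zia.casb_malware_rules
    DATA = {  # constructed sample rules and tenant IDs
        "OFLCASB_AVP_REPO": [
            StubRule(name="repo-scan", enabled=True, cloud_app_tenant_ids=[101]),
            StubRule(name="repo-old", enabled=False, cloud_app_tenant_ids=[102]),
        ],
        "OFLCASB_AVP_FILE": [StubRule(name="file-scan", enabled=True, cloud_app_tenant_ids=[103])],
    }

    def list_rules(self, query_params=None):
        rule_type = (query_params or {}).get("rule_type")
        if rule_type == "OFLCASB_AVP_EMAIL":  # constructed API failure
            return None, None, "HTTP 500 (constructed)"
        return self.DATA.get(rule_type, []), None, None


print(audit_malware_rules(StubRules(), expected_tenants=[101, 102, 103, 104]))
```

Listing errors are returned separately so that a rule type the API failed to list is not mistaken for one with full coverage.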