list_chats_rules |
List all Chats (GenAI DLP) rules. |
read |
list_ai_access_rules |
List all AI Access rules that control which AI services and applications users are allowed to interact with. |
read |
list_web_access_rules |
List all Web Access rules for Browse Security. |
read |
list_agents_rules |
List all Agents (MCP Server) rules that govern agent interactions. |
read |
list_secure_browsing_rules |
List all Secure Browsing threat-prevention rules. |
read |
list_dlp_rules |
List all Browse DLP (Data Loss Prevention) rules for browser security. |
read |
set_rule_info |
Update the display name and description of a rule identified by its UUID. |
write |
set_rule_active |
Enable or disable a rule without deleting it. |
write |
reorder_rule |
Move a rule to a new position in the rulebase. |
write |
delete_rule |
Permanently delete a rule from the rulebase by its UUID. |
write |
create_chats_rule |
Create a new Chats (GenAI DLP) rule. |
write |
create_ai_access_rule |
Create a new AI Access rule that controls which AI services and applications users can interact with. |
write |
create_agents_rule |
Create a new Agents (MCP Server) rule that governs agent interactions. |
write |
create_dlp_rule |
Create a new Browse DLP rule for data loss prevention during web browsing. |
write |
create_secure_browsing_rule |
Create a new Secure Browsing threat-prevention rule. |
write |
set_chats_policy |
Replace the entire policy configuration of a Chats rule (also known as 'Chats' in AI Security UI — POLICY_TYPE_DLP). |
write |
patch_chats_policy |
Deep-merge partial changes into a Chats rule's policy. |
write |
set_access_policy |
Replace the entire policy configuration of an AI Access rule (POLICY_TYPE_ACCESS). |
write |
patch_access_policy |
Deep-merge partial changes into an AI Access rule's policy. |
write |
set_agents_policy |
Replace the entire policy configuration of an Agents rule (also known as 'Agents' — POLICY_TYPE_MCP_SERVER). |
write |
patch_agents_policy |
Deep-merge partial changes into an Agents rule's policy. |
write |
set_secure_browsing_policy |
Replace the entire policy configuration of a Secure Browsing rule (POLICY_TYPE_THREAT_PREVENTION). |
write |
patch_secure_browsing_policy |
Deep-merge partial changes into a Secure Browsing rule's policy. |
write |
set_rule_source |
Replace the full source (user/group assignments) list of a rule. |
write |
set_rule_objects |
Replace all objects attached to a rule for a specific feature. |
write |
list_file_protection_objects |
List all file-protection policy objects. |
read |
update_file_protection_object |
Update an existing file-protection object. |
write |
create_file_protection_object |
Create a new file-protection object. |
write |
list_domains_objects |
List all domains policy objects. |
read |
update_domains_object |
Update an existing domains object. |
write |
create_domains_object |
Create a new domains object containing a list of domain entries for domain-based filtering (allow/block lists). |
write |
delete_object |
Permanently delete a policy object (file-protection or domains) by its UUID. |
write |
get_tenant_dlp_datatypes |
Get the tenant-specific DLP datatype configuration showing which data types are currently enabled for detection in this tenant's policies.. |
read |
search_dlp_datatypes |
Search DLP data types by name or description with pagination. |
read |
analyze_shadow_rules |
Find unreachable (shadowed) rules in a rulebase. |
read |
resolve_matching_rule |
Given a user and target, determine which rule in the rulebase would apply. |
read |
search_assets |
Search deployed assets (endpoints/devices) with optional filtering, sorting, text search, and pagination. |
read |
count_assets |
Get the total count of deployed assets, optionally filtered. |
read |
search_users |
Search users in the organization with optional text search and pagination. |
read |
search_apps |
Search the GenAI apps catalog by name, description, or URL. |
read |
get_apps_by_ids |
Get specific GenAI apps from the catalog by their numeric IDs. |
read |