Definition of the Context Object
Field | Required | Type | Description | Values | comments |
---|---|---|---|---|---|
global_message _id |
Yes | String | An arbitrary string created by the client, principally for linking log records across services. | Examples: HVD6mj:gPkf:282054 vwB7mj:l62d:7970 ZlM2mj:r7dg:891191 |
|
client_name | Yes | Enumerator | The client that sent the inspection request. | [FORCEPOINT_WEB, FORCEPOINT_EMAIL, FONE_CASB, FONE_SWG, CUSTOM_APPLICATION, UNKNOWN] | For API protector, the client name should always be Custom Application. |
data_channel | Yes | Enumerator | The channel through which the transaction came. | [EMAIL, HTTP, HTTPS, CASB_API, CASB_REAL_TIME, CASB_DISCOVERY, TESTING_CHANNEL] | For API protector, the data_channel field’s value should always be one of the following: [HTTP, HTTPS, CASB_API, CASB_REAL_TIME, EMAIL] |
activity_type | Yes | Enumerator | The operation performed by the source. | [NONE, UPLOAD, DOWNLOAD, SHARE, EXTERNAL_SHARE, REQUEST, SYNC, UNSHARE, DELETE, CREATE, MODIFY, VIEW, MOVE, LOCK, RENAME, RESTORE, PRINT, COPY, SEND, INTERNAL_SHARE, PUBLIC_SHARE, UNKNOWN] | For API protector these are the allowed operations (activity_type values) per each channel: HTTP: UPLOAD
HTTPS: UPLOAD
CASB_API: CREATE, MODIFY, DOWNLOAD, EXTERNAL_SHARE, INTERNAL_SHARE, PUBLIC_SHARE
CASB_REAL_TIME: UPLOAD, DOWNLOAD
EMAIL: SEND |
occurred_message _timestamp_utc _ms |
Yes | long | The event detection time stamp by the client in the format of utc in ms units | ||
inspection_request _timeout_ms |
No | long | The timeout assigned for the inspection request | Between 20 and 300000 (returns HTTP error 400 if not in range). |
If this is empty, the rest server will assign a timeout of 300 sec for offline channels and 10 sec for all the other channels. *1ms setting. |
is_device _managed |
No - if the client has this information than it should send it. | Boolean | True if the device performing the operation is managed | true, false |