Definition of the Context Object

Table 1.
Field Required Type Description Values comments
global_message

_id

Yes String An arbitrary string created by the client, principally for linking log records across services. Examples:

HVD6mj:gPkf:282054

vwB7mj:l62d:7970

ZlM2mj:r7dg:891191

 
client_name Yes Enumerator The client that sent the inspection request. [FORCEPOINT_WEB, FORCEPOINT_EMAIL, FONE_CASB, FONE_SWG, CUSTOM_APPLICATION, UNKNOWN] For API protector, the client name should always be Custom Application.
data_channel Yes Enumerator The channel through which the transaction came. [EMAIL, HTTP, HTTPS, CASB_API, CASB_REAL_TIME, CASB_DISCOVERY, TESTING_CHANNEL] For API protector, the data_channel field’s value should always be one of the following:

[HTTP,

HTTPS,

CASB_API,

CASB_REAL_TIME,

EMAIL]
activity_type Yes Enumerator The operation performed by the source. [NONE, UPLOAD, DOWNLOAD, SHARE, EXTERNAL_SHARE, REQUEST, SYNC, UNSHARE, DELETE, CREATE, MODIFY, VIEW, MOVE, LOCK, RENAME, RESTORE, PRINT, COPY, SEND, INTERNAL_SHARE, PUBLIC_SHARE, UNKNOWN] For API protector these are the allowed operations (activity_type values) per each channel:

HTTP:

UPLOAD

HTTPS:

UPLOAD

CASB_API:

CREATE,

MODIFY,

DOWNLOAD,

EXTERNAL_SHARE,

INTERNAL_SHARE,

PUBLIC_SHARE

CASB_REAL_TIME:

UPLOAD,

DOWNLOAD

EMAIL:

SEND

occurred_message

_timestamp_utc

_ms

Yes long The event detection time stamp by the client in the format of utc in ms units    
inspection_request

_timeout_ms

No long The timeout assigned for the inspection request Between 20 and 300000 (returns HTTP error 400 if not in range).

If this is empty, the rest server will assign a timeout of 300 sec for offline channels and 10 sec for all the other channels.

*1ms setting.

is_device

_managed

No - if the client has this information than it should send it. Boolean True if the device performing the operation is managed true, false