Upload Logs
Introduction to the upload logs interface.
Overview
The request log interface is used to sequentially send logs of Unified Content Web-Service Inspector (UCWI) requests to the Unified Content Secure Server (UCSS).
Interface Description
The UploadLogs interface is used to upload security log information for requests.
Log Content Format
The uploaded log content should be in JSON format.
Detailed specifications are shown in the following tables:
- Layer 1:

| Field | Type | Description | Remarks |
| --- | --- | --- | --- |
| data | list | Log list | For details of list items, see Layer 2. |

- Layer 2:

| Field | Type | Description | Remarks |
| --- | --- | --- | --- |
| channel | int | Channel | Current version supports the following channels: 1 - HTTP Channel; 5 - Email (SMTP) Channel; 25 - WebService Application Channel |
| detectedTime | string | Detection Time | Format: 2019-10-29T06:28:43.412906 (log generation time). |
| filename | string | Filename | |
| filePath | string | File Path | Populated when files are provided via object storage; otherwise, empty value "". |
| fileSize | int | File Size | |
| hasIncident | bool | Incident Detected | Possible values: True: Data leakage incident detected; False: No data leakage incident detected. |
| hasVirus | bool | Virus Detected | Possible values: True: Virus detected; False: No virus detected. |
| incidentData | json | Incident Information | When hasIncident is True, displays related incident data (see Incident Information). When hasIncident is False, shows empty value {}. |
| message | string | Message | |
| networkInfo | json | Network Information (source and destination) | Present in every request. Details in Network Information. |
| queryID | string | Request ID | Equivalent to Log ID. |
| result | int | Request Processing Result | Possible values: 0: Success, no exceptions; Other values: Processing exception occurred. |
| virusInfo | list | Virus Information | When hasVirus is True, displays virus details (see Antivirus Information). When hasVirus is False, shows empty value []. |

- Layer 3: Displays the following information:
- Data Loss Prevention (DLP) Incident Information

| Field | Type | Description | Remarks |
| --- | --- | --- | --- |
| actionTaken | json | Policy Action | Response format from Content Analysis Engine (CAE), showing policy actions taken for data leakage incidents. Example: Response Format Example. |
| incidentInfo | json | Incident Data | Response format from Content Analysis Engine (CAE), showing incident ID. Example: Response Format Example. |
| matchedPolicies | json | Matched Policies | Response format from Content Analysis Engine (CAE), showing matched policies. Example: Response Format Example. |

Content Analysis Engine (CAE) Response Format Example (the # annotations are explanatory and are not part of the JSON):

```
{
  "incidentInfo": {
    "speHostname": "ucwi",  # Hostname of the analysis engine
    "incidentId": "fb027e73-5f14-44d4-b37d-fc18f5bc1368"  # Incident ID
  },
  "actionTaken": {
    "agentAction": 2,
    "policyAction": 2  # Policy Action
  },
  "matchedPolicies": [
    {
      "uuid": "1ab39769-465c-458a-a544-de8923092da4",
      "name": "\u5173\u952e\u5b57"
    }
  ]
}
```

- Antivirus Information

| Field | Type | Description | Remarks |
| --- | --- | --- | --- |
| virusName | string | Virus Name | |
| virusType | string | Virus Type | |

- Network Information

| Field | Type | Description | Remarks |
| --- | --- | --- | --- |
| source | json | Source | Examples: HTTP - see HTTP Network Information Format; Email - see Email Network Information Format; WebService App - see WebService App Network Information Format. |
| destinations | json | Destination | Same format as source. |

Network information examples by channel:

- HTTP Network Information Format:

```json
{
  "source": {
    "incidentUser": {
      "username": "cloudtest\\httpuser",
      "ipAddress": "172.22.117.242"
    }
  },
  "destinations": [
    {
      "incidentUser": {
        "url": "http://172.16.0.1/post.php",
        "ipAddress": "172.16.0.1"
      }
    }
  ]
}
```

- Email Network Information Format:

```json
{
  "source": {
    "incidentUser": {
      "emailAddress": "skgqa-senduser@company.com.cn"
    }
  },
  "destinations": [
    {
      "incidentUser": {
        "emailAddress": "cloud-receiveruser@company.com.cn"
      }
    },
    {
      "incidentUser": {
        "emailAddress": "external-receiveruser@163.com"
      }
    }
  ]
}
```

- WebService App Network Information Format:

```json
{
  "source": {
    "incidentUser": {
      "username": "cloudtest\\clouduser"
    }
  },
  "destinations": [
    {
      "incidentUser": {
        "WebServiceappID": "46ec3c0a-458c-4dbe-bf4b-4f8786aa6cef"
      }
    }
  ]
}
```
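
The following validator is an added example, not part of the original documentation or of the UCWI/UCSS code. It checks an upload body against the Layer 1 and Layer 2 tables and the hasIncident/incidentData and hasVirus/virusInfo rules, which is useful before sending logs or when ingesting them downstream. Assumptions: every Layer 2 field is required, booleans arrive as JSON true/false, and the function and constant names are hypothetical.

```python
import json
from datetime import datetime

FIELDS = {"channel": int, "detectedTime": str, "filename": str, "filePath": str,
          "fileSize": int, "hasIncident": bool, "hasVirus": bool,
          "incidentData": dict, "message": str, "networkInfo": dict,
          "queryID": str, "result": int,
          "virusInfo": list}  # names and types from the Layer 2 table
CHANNELS = {1, 5, 25}  # HTTP, Email (SMTP), WebService Application

def validate_record(rec):
    """Return the problems found in one Layer 2 log item (empty list if none)."""
    if not isinstance(rec, dict):
        return ["item is not a JSON object"]
    errs = [f"missing field: {k}" for k in FIELDS if k not in rec]
    errs += [f"{k}: expected {t.__name__}" for k, t in FIELDS.items()
             if k in rec and type(rec[k]) is not t]  # type(): bool must not pass as int
    if errs:
        return errs
    if rec["channel"] not in CHANNELS:
        errs.append(f"channel: unsupported value {rec['channel']}")
    try:
        datetime.strptime(rec["detectedTime"], "%Y-%m-%dT%H:%M:%S.%f")
    except ValueError:
        errs.append("detectedTime: expected e.g. 2019-10-29T06:28:43.412906")
    # Assumption: "related incident data" / "virus details" means non-empty.
    if rec["hasIncident"] != bool(rec["incidentData"]):
        errs.append("incidentData is inconsistent with hasIncident")
    if rec["hasVirus"] != bool(rec["virusInfo"]):
        errs.append("virusInfo is inconsistent with hasVirus")
    errs += [f"networkInfo: missing {k}" for k in ("source", "destinations")
             if k not in rec["networkInfo"]]
    return errs

def validate_payload(text):
    """Map item index -> problems for an upload body {"data": [...]} (Layer 1)."""
    body = json.loads(text)
    if not isinstance(body, dict) or not isinstance(body.get("data"), list):
        return {-1: ["top level must be an object with a 'data' list"]}
    checked = ((i, validate_record(r)) for i, r in enumerate(body["data"]))
    return {i: errs for i, errs in checked if errs}

# Constructed sample: item 0 is well-formed, item 1 claims an incident without data.
GOOD = {"channel": 1, "detectedTime": "2019-10-29T06:28:43.412906",
        "filename": "report.docx", "filePath": "", "fileSize": 2048,
        "hasIncident": False, "hasVirus": False, "incidentData": {},
        "message": "", "networkInfo": {"source": {}, "destinations": []},
        "queryID": "constructed-0001", "result": 0, "virusInfo": []}
BAD = dict(GOOD, channel=7, hasIncident=True, queryID="constructed-0002")
SAMPLE = json.dumps({"data": [GOOD, BAD]})
```

Calling `validate_payload(SAMPLE)` returns a report keyed by the index of each failing item in `data`; an empty dict means every item passed.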