Introduction to Return Values of the Content Inspection Interface
Introduces the return values of the content inspection interface. If a policy is matched, the system will return the matched policy information.
Return Information JSON Parameters
The following list introduces the format structure of the local detection time in the content review return values, i.e., localDetectedTime.
- localDetectedTime: Detection Time
- localDetectedTime.incident_info: Incident Information
- localDetectedTime.incident_info.matchedPolicies: Matched Policies
- localDetectedTime.incident_info.matchedPolicies.numberOfMatches: Number of Events for Matched Policies
- localDetectedTime.incident_info.matchedPolicies.name: Name of the Matched Policy
- localDetectedTime.incident_info.matchedPolicies.actionSettingName: Action Executed for Violations
- localDetectedTime.incident_info.matchedPolicies.matchedRules: Matched Policy Rules
The following list introduces the format structure of the matched rules in the content review return values, i.e., matchedRules.
- matchedRules.name: Rule Name
- matchedRules.matchedConditions: Matched Conditions
- matchedRules.matchedConditions.type: Condition Match Type, including: Regular Expression, Dictionary, External Script, File Type Group, Keyword, Script, File Fingerprint, Machine Learning, Terminal Location, File Name, Attachment Quantity, Database Fingerprint, File Size, Binary, Compressed File Depth, Encrypted File, Format Mismatch File, and Built-in Template.
- matchedRules.matchedConditions.matchedElements: Matched Elements
- matchedRules.matchedConditions.matchedElements.matchedContents: Matched Content
- matchedRules.matchedConditions.matchedElements.matchedContents.detectedValues: Detected Content
- matchedRules.matchedConditions.matchedElements.matchedContents.isFileSuffixMatch: Whether the file suffix matches
- matchedRules.matchedConditions.matchedElements.matchedContents.isEncryptFile: Whether it is an encrypted file
- matchedRules.matchedConditions.matchedElements.matchedContents.encodeType: File encoding type, for details, refer to international standard encoding types and their explanations
- matchedRules.matchedConditions.matchedElements.matchedContents.numberOfMatches: Number of Matches
- matchedRules.matchedConditions.matchedElements.matchedContents.locationPath: Full file path
- matchedRules.matchedConditions.matchedElements.matchedContents.isArchiveFile: Whether it is a compressed file
- matchedRules.matchedConditions.matchedElements.matchedContents.contentSize: Content Size
- matchedRules.matchedConditions.matchedElements.numberOfMatches: Number of Matched Files
- matchedRules.matchedConditions.isTraditionalMatching: Whether traditional matching is enabled
- localDetectedTime.incident_info.matchedPolicies.actionSettingName: Action Name
- localDetectedTime.incident_info.matchedPolicies.isTrickle: Whether it is a trickle content detection policy
- localDetectedTime.incident_info.matchedPolicies.priority: Priority
- localDetectedTime.incident_info.matchedPolicies.groupName: Policy Group Name
- localDetectedTime.incident_info.matchedPolicies.severity: Sensitivity Level 1 - High; 2 - Medium; 3 - Low; 4 - Information
- localDetectedTime.result: Return Result
- localDetectedTime.actionCode: Executable Action Code, including:
- 1: Allow
- 2: Block
- 3: Confirm
- 4: Delete Attachment
- 5: Email Encryption
- 6: Email Quarantine
- 7: Terminal System Encryption
- 8: Email Content Encryption
- 9: Terminal Personal Key Encryption
- 10: Watermark (Proxy Only)
Return Example
The following example is a return value example and specific annotations.
{
"localDetectedTime":"2017-11-02T11:06:08.408697" //Detection Time
"incident_info": //Incident Information
{
"matchedPolicies":[ //Matched Policies
{
"numberOfMatches":1, //Number of Events for Matched Policies
"name":"Keyword Policy", //Name of the Matched Policy
"actionSettingName":"Block", //Action Executed for Violations
"matchedRules":[ //Matched Policy Rules
{
"name":"Keyword Policy", //Rule Name
"matchedConditions":[ //Matched Conditions
{
"type":5, //Condition Match Type, including: 1:Regular Expression, 2:Dictionary, 3:External Script, 4:File Type Group, 5:Keyword, 6:Script, 7:File Fingerprint, 8:Machine Learning, 9:Terminal Location, 10:File Name, 11:Attachment Quantity, 12:Database Fingerprint, 13:File Size, 14:Binary, 15:Compressed File Depth, 16:Encrypted File, 17:Format Mismatch File, 18:Built-in Template
"matchedElements":[ //Matched Elements
{
"matchedContents":[ //Matched Content
{
"detectedValues":[ //Detected Content
{"text":"Confidential"} //Keyword
],
"isFileSuffixMatch":true, //Whether the file suffix matches
"isEncryptFile":false, //Whether it is an encrypted file
"encodeType":"UnknownEncoding", //File encoding type, for details, refer to international standard encoding types and their explanations
"numberOfMatches":1, //Number of Matches
"locationPath":"DLP.rar|||DLP.docx", //Full file path
"isArchiveFile":false, //Whether it is a compressed file
"contentSize":986637 //Content Size
}
],
"numberOfMatches":1,
}
],
"isTraditionalMatching":false //Whether traditional matching is enabled
}
]
}
],
"isTrickle":false, //Whether it is a trickle content detection policy
"priority":1001, //Priority
"groupName":"Default Policy Group", //Policy Group Name
"severity":4 //Sensitivity Level 1 - High, 2 - Medium, 3 - Low, 4 - Information
},
{
"numberOfMatches":2,
"name":"Fingerprint Policy",
"actionSettingName":"Block",
"matchedRules":[
{
"name":"Fingerprint Rule",
"matchedConditions":[
{
"type":7,
"matchedElements":[
{
"matchedContents":[
{
"detectedValues":[ //When the type is file fingerprint, there is no text field, otherwise there is
{
"similarity":100, //Similarity
"isPreciseMatching":false, //Whether it is an exact match
"filePath":"C:/Users/admin/Desktop/101/webserviceappfile/DLP.docx" //Original scan file path for file fingerprint
},
{
"similarity":100,
"isPreciseMatching":true,
"filePath":"C:/Users/admin/Desktop/101/webserviceappfile/DLP.docx"
}
],
"isFileSuffixMatch":true,
"isEncryptFile":false,
"encodeType":"UnknownEncoding",
"numberOfMatches":2,
"locationPath":"DLP.rar|||DLP.docx",
"isArchiveFile":false,
"contentSize":986637
}
],
"numberOfMatches":2,
}
],
"isTraditionalMatching":false
}
]
}
],
"isTrickle":false,
"priority":1001,
"groupName":"Default Policy Group",
"severity":1
},
{
"numberOfMatches":16,
"name":"Keyword Policy B",
"actionSettingName":"Block",
"matchedRules":[
{
"name":"Keyword Rule",
"matchedConditions":[
{
"type":5,
"matchedElements":[
{
"matchedContents":[
{
"detectedValues":[
{"text":"IP Address"},
{"text":"Function"},
{"text":"Machine Learning"}
],
"isFileSuffixMatch":true,
"isEncryptFile":false,
"encodeType":"UnknownEncoding",
"numberOfMatches":16,
"locationPath":"DLP.rar|||DLP.docx",
"isArchiveFile":false,
"contentSize":986637
}
],
"numberOfMatches":16,
}
],
"isTraditionalMatching":false
}
]
}
],
"isTrickle":false,
"priority":1001,
"groupName":"Default Policy Group",
"severity":2
}
]
},
"result":0,
"actionCode":2 //Executable Action Code, including -1:Allow, 2:Block, 3:Confirm, 4:Delete Attachment, 5:Email Encryption, 6:Email Quarantine, 7:Terminal System Encryption, 8:Email Content Encryption, 9:Terminal Personal Key Encryption, 10:Watermark (Proxy Only)
}