Home
UCWI WebService API
Introduces the WebService API provided by UCWI devices and related information.
Third-Party Log Management Platform Integration
Introduces information about integrating with third-party log management platforms.
API Traffic Logs
Introduces information related to monitoring API traffic logs.

UCWI WebService API
Introduces the WebService API provided by UCWI devices and related information.
- Overview
  Introduces Unified Content Web-Service Inspector (UCWI).
- Configure WebService API
  Introduces how to quickly configure the WebService API.
- Authentication
  Introduces the steps to obtain authentication information.
- GET-Get Channel List
  Introduces the interface call method for the Get Channel List interface.
- GET-Get Channel Details
  Introduces the interface call method for the Get Channel Details interface.
- GET-Get Incident List
  Introduces the invocation method of the Get Incident List interface.
- GET-Get Incident Details
  Introduces the interface call method for the Get Incident Details interface.
- GET-Get Policy Hit Statistics Report
  Introduces the interface call method for the Get Policy Hit Statistics Report.
- GET - Get Label
  Introduces the invocation method of the Get Label interface.
- POST -Add Label
  Introduces the invocation method of the Labeling interface.
- DELETE - Delete Label
  Introduces the interface invocation method of the Delete Label interface.
- POST-Content Review-Web Channel
  Introduces how to call the interface to perform security reviews on content in the Web channel.
- POST-Content Review-Email Channel
  Introduces how to call the interface to perform security reviews on content in the email channel.
- POST-Content Review-WebService Application Channel
  Introduces how to call the interface to perform security reviews of content in the WebService application channel.
- Data Masking Processing
  Introduces how to call the content review interface for data masking processing.
- POST-Virus Scan
  Introduces how to call the interface to perform virus scanning on text content.
- Upload Logs
  Introduction to the upload logs interface.
- Third-Party Log Management Platform Integration
  Introduces information about integrating with third-party log management platforms.
  - API Traffic Logs
    Introduces information related to monitoring API traffic logs.
  - SIEM Logs
    Introduces information about SIEM log rules.
  - Syslog Logs
    Introduces information about setting up Syslog log rules.
  - DLP Traffic Log
    This section introduces how to view the DLP traffic log.
- Appendix
  This chapter introduces some relevant information that needs to be known when calling the WebService API.

API Traffic Logs

Introduces information related to monitoring API traffic logs.

API traffic logs are used to record all file data behaviors in the WebService API channel, including Data Loss Prevention (DLP) scanning, data masking, virus scanning, and recording data that does not hit the Data Loss Prevention (DLP) policy.

Manage the real-time API traffic logs monitored in the Monitoring > API Traffic Logs page.

The logs display the following information.


Displayed Column/Filter Condition	Introduction
Traffic UUID	Traffic unique identifier
Incident	The security incident recorded in the log
User	The user involved in the incident.
Department	Departments configured in the organizational structure or synchronized from the user directory
Source IP	Source IP address
Detection Time	The time when the security engine detects a violation incident that triggers a policy
Channel	The channel where the incident occurred (HTTP/HTTPS/FTP/IM/SMTP/custom protocol/network printing/MAP/POP3/WebService application/file sharing)
Policy Name	The DLP (Data Loss Princidention) security policy that matched with the incident
Target	The target information of the data, which can be displayed as user name (user identification module)/IP address/URL address/device name (Endpoint USB/DVD/Printing)/Email address
Virus Name	The virus name found in the accessed content by the virus engine
Detection Engine	The name of the security engine that detected the violation incident
File Name	The file name involved in the event, which may be multiple
RMS Decryption	Whether the RMS decryption feature is enabled
WebService Operation	The WebService operation associated with the incident
Detection Type	The type of incident detection
Masking Method	The masking method for the involved sensitive information
Masking Policy	The masking policy for the involved sensitive information
Storage Path/Storage Bucket	The system supports the following cloud storage methods for API access to perform Data Loss Prevention (DLP) content analysis, data masking, and virus scanning: S3--Simple Storage Service (AWS) Swift--Swift Object Storage (Openstack) COS--Cloud Object Storage (Tencent Cloud) OSS--Object Storage Service (Alibaba Cloud) OBS--Object Storage Service (Huawei Cloud)