This article provide common CPL code that we can use to for configuring content scanning policy.
The following policy gestures can be used for configuring content scanning policy.
Type/Category | Setting | CPL Gesture/ Content Analysis Setting |
Destination | Destination IP/Subnet/Port Request URL/Domain/Host/Port/Path Request URL Request URL Category Request URL Threat Risk Level Protocol Scheme Web Application Name Web Application Group |
url.domain |
HTTP Request Headers | User-Agent | request.header.User-Agent |
HTTP Response Headers and Payload | Apparent Data Type (True File Type) Content-Type (MIME Type) File Extension Resolved Country Content Length HTTP Response Version |
http.response.apparent_data_type response.header.Content-Type url.extension supplier.country url.path.suffix response.header.contentlength.as_number http.response.version |
Client Protocol Detection | Protocols such as streaming, https, http, ftp |
streaming.client=yes streaming.client=windows_media, etc. |
Content Analysis AV Scanning Behavior Settings |
Maximum Individual File Size
|
5120MB 5120MB Kaspersky: 40 McAfee: 300 Sophos: 100 |