Common CPL gestures for content scanning policy

book

Article ID: 171140

calendar_today

Updated On:

Products

Content Analysis Software - CA

Issue/Introduction

This article provide common CPL code that we can use to for configuring content scanning policy.

Resolution

 

The following policy gestures can be used for configuring content scanning policy.

Type/Category Setting CPL Gesture/
Content Analysis Setting
Destination Destination IP/Subnet/Port
Request URL/Domain/Host/Port/Path
Request URL
Request URL Category
Request URL Threat Risk Level
Protocol Scheme
Web Application Name
Web Application Group
 

url.domain
url.host
url.path
url.port
url.category
url.threat_risk.level
client.protocol
request.application.name
request.application.group 

HTTP Request Headers User-Agent request.header.User-Agent
HTTP Response Headers and Payload Apparent Data Type (True File Type)
Content-Type (MIME Type)
File Extension
Resolved Country
Content Length
HTTP Response Version
 
http.response.apparent_data_type
response.header.Content-Type
url.extension
supplier.country
url.path.suffix
response.header.contentlength.as_number
http.response.version
Client Protocol Detection Protocols such as streaming, https,
http, ftp
streaming.client=yes
streaming.client=windows_media, etc.
Content Analysis AV Scanning Behavior
Settings

Maximum Individual File Size
Maximum Total Uncompressed Size
Maximum Archive Layers

 

5120MB
5120MB
Kaspersky: 40
McAfee: 300
Sophos: 100