How to differentiate traffic by OS type (macOS versus Windows) with WSS Agent in use?
Please note that this applies to the access method that send computer information to the service, namely SEP-CIA and WSS Agent.
You can see from the WSS portal report that we have the Client-OS field available for reporting purpose, and you can also see from the WSS Access log documentation that this data is stored in the X-Client-os field.
This means that we can extract the OS for access method that fill this field with data, per the following CPL sample:
define variable string x_client_os ; Create a variable to store the resolved field data
variable.x_client_os("$(x-client-os)") ; Populate the variable with the resolved field data (requires to be in a transaction)
Then we can set a condition to match when we have an appropriate macOS or Windows string.
define condition wssa_macOS
define condition wssa_Windows
Finally, we can use the conditions in the sample code below, for illustration purposes only:
DENY ; Deny unsupported clients