Ethical wall notification how it works -methods and flow
- Yoav Crombie
- David Elkarat
- Agat Support
CASB API notification flow
Teams protector Overview:
Notification methods
At a high level the product send info in 3 methods:
Popup message
IM message
Auditing
Who receives the messages
Pop Up & IM
When an event is blocked the product sends IM & Popup to the following members:
1. In case the user performing the operation is managed- that user will receive the popup
2. In case the user performing the operation is not managed-
Firstly the operation will be blocked when received by the managed user
and then the managed user will get the popup and IM.
Only for IM
The meeting organizer (where the block was performed) also receives an IM message
What is included in the messages
IM
How does the notification happen - Mechanism:
First the filter sends info to portal audit API about the operation done , organizer , the policy and participants. Then the Portal Audit API (from version 1.2.9 TP is using internal services API ) generates the text based on the info received by the filter in addition to more info received from the EW engine, such as the policies define, time of event (used as parameter).
Time in the message
Time in all tables are stored in UTC.
Time displayed in Portal Auditing is local time of the browser used by the user.
Lastly The IM text is based on the auditing created .
Content: It includes the parts in auditing of:
1) The operation done to user (with incident ID).
2) Which (conference) policies were applied.
3) List of users and policies that are relevant for the operation.
See example below.
The Audit API adds the generated IM message to messages outbox table in the portal database and the MNTS service sends the messages on its immediate operation (by default running every 10 seconds).
POP UP
At the Initial view it will show “Communication blocked due to,…”
When clicking on Read more it will include:
-What operation was blocked due to which policy
-What the policy rule entails