Ethical wall notification how it works -methods and flow

CASB API notification flow

Teams protector Overview:

Notification methods

At a high level the product send info in 3 methods:

  1. Popup message

  2. IM message

  3. Auditing

 

Who receives the messages

Pop Up & IM
When an event is blocked the product sends IM & Popup to the following members:
1. In case the user performing the operation is managed- that user will receive the popup
2. In case the user performing the operation is not managed-
Firstly the operation will be blocked when received by the managed user
and then the managed user will get the popup and IM.

Only for IM

The meeting organizer (where the block was performed) also receives an IM message


What is included in the messages

IM


How does the notification happen - Mechanism:


First the filter sends info to portal audit API about the operation done , organizer , the policy and participants. Then the Portal Audit API (from version 1.2.9 TP is using internal services API ) generates the text based on the info received by the filter in addition to more info received from the EW engine, such as the policies define, time of event (used as parameter).

Time in the message

Time in all tables are stored in UTC.

Time displayed in Portal Auditing is local time of the browser used by the user.

Lastly The IM text is based on the auditing created .

Content: It includes the parts in auditing of:
1) The operation done to user (with incident ID).
2) Which (conference) policies were applied.
3) List of users and policies that are relevant for the operation.

See example below.

The Audit API adds the generated IM message to messages outbox table in the portal database and the MNTS service sends the messages on its immediate operation (by default running every 10 seconds).

POP UP

 


At the Initial view it will show “Communication blocked due to,…”



When clicking on Read more it will include:
-What operation was blocked due to which policy
-What the policy rule entails