Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

List of Events

  1. Last updated
  2. Save as PDF

The following table provides a list of the events you can use in rules. The events are listed in alphabetical order.

Name Description Parameters
Authentication.AddMethod Adds an authentication method.

String: Name of an
authentication
method

String: Value for an
authentication
method

Boolean: If true, an
existing method is
overwritten.
Authentication.ClearCache  Clears the cache.  
Authentication.ClearMethodList Clears the authentication methods list.  
Authentication.ClearNTMLCache Clears the NTML cache.  
Authentication.GenerateICEResponse Generates a token that is sent in
response to McAfee Cloud Identity
Manager to enable seamless
authentication.		  
Authentication.SendOTP Sends a one-time password to an
authenticated user.		  
Bandwidth.FromClient Limits the speed of data transfer from a
client to the appliance.		 String: Name of
bandwidth class
Bandwidth.FromServer Limits the speed of data transfer from a
web server to the appliance.		 String: Name of
bandwidth class
Bandwidth.ToClient Limits the speed of data transfer from
the appliance to a client.		 String: Name of
bandwidth class
Bandwidth.ToServer Limits the speed of data transfer from
the appliance to a web server.		 String: Name of
bandwidth class
BlockingSession.Activate Activates a blocking session.  
Body.Insert Inserts a string into the body of the
request or response that is currently
processed.		 Number: Byte
position where
insertion begins
String: Pattern

a. string embedded
in double quotes
...”, can also contain
hex values preceded
by \)
or:
b. sequence of hex
values
Body.Remove Removes a number of bytes from the
body of the request or response that is
currently processed.		 Number: Byte
position where the
removal begins

Number: Number of
bytes to remove
Body.Replace Replaces a portion from the body of the
request or response that is currently
processed with a string.		 Number: Byte
position where
replacement begins

String: Pattern
a. string embedded
in double quotes
(“ ...”, can also contain
hex values preceded
by \)
or:
b. sequence of hex
values
Body.ToFile

Writes the body of the request or
response that is currently processed to
the specified file.

The file is stored in the
directory /opt/mwg/log/debug/
BodyFilterDumps.

The body is written to the file only after
it has been completely loaded, even if
the Body.ToFile event occurred when only
one or more chunks of the body had
been loaded.

To prevent the stored files from filling up
the hard disk of an appliance, enable
their auto-deletion on the user interface
under Configuration | <appliance> | Log File
Manager | Advanced.

 String: Name of the file
that the body is written
to
CloudEncryption.Encrypt

Performs the encryption of cloud
storage data using the encryption
algorithm configured in the settings and
the password specified as a parameter
of the event.

This event can be triggered several times
with different settings and passwords,
so encryption is also performed several
times.

  
CloudEncryption.Decrypt

Performs the decryption of data using
the decryption algorithm specified in the
settings and the password specified as a
parameter of the event.

This event can be triggered several times
with different settings and passwords,
so decryption is also performed several
times.

Order of calls to this event should be the
reverse of calls to the encryption event.

  
CloudLogging.SetStorageRegion

Sets the storage region for web access
data

This event takes effect only when
the hybrid solution is enabled.

  
Connection.Mark Sets a connection mark. Number: Number of a
connection
Discard.RuleEngine.Trace

Deletes a rule trace that has been
generated by rule tracing on Web
Gateway.

The event can be used in a suitable rule
to discard traces that are filtered
according to particular rule criteria.

For example, if a trace has been
generated for a request that required
less than ten seconds processing time,
this trace can be considered not
worthwhile storing and therefore be
discarded.

The Timer.TimeInTransaction property can
be used in a rule like this to filter rule
traces.

The rule might be placed in a nested
rule set of the Log Handler rule set that
takes final position in this nesting rule
set.

Using the event in this way allows you to
perform rule trace storing with a focus
on traces that are considered relevant.

  
DSCP.Mark.Request

Sets an IP address header field.

This field is the DSCP header field. Setting
this header is also known as flagging.

The header can be evaluated by network
devices supporting DSCP (Differentiated
Services Code Point) for directing data
packets sent from Web Gateway to a
requested web server.

Load balancing can, for example, be
performed this way.

The header can only be set for requests
that are sent over an HTTP or HTTPS
connection.

Setting the header also works for
tunneled SSL connections. It can be set
here immediately after the CONNECT
part of the process has completed.

The value that the header is set to can
be a number ranging from 0 to 63.

 

When using this header in
configuring Web Gateway and
connected network devices, be
sure not to impact existing
routes or connections.
When multiple requests are
sent to a web server over the
same connection, a header
value that is set at any point
within the processing cycle, for
example, after the CONNECT
or CERTVERIFY part of this
cycle, will be used for directing
the data packets of all
following requests.
So, when using the header, for
example, in a rule for handling
streaming media, setting the
header inappropriately might
lead to directing data packets
in a way that throttles the
connection.

 Number: Value of the
header field
DSCP.Mark.Response

Sets an IP address header field.

This field is the DSCP header field. Setting
this header is also known as flagging.
The header can be evaluated by network
devices supporting DSCP (Differentiated
Services Code Point) for directing data
packets sent back in response from Web
Gateway to a client.

Load balancing can, for example, be
performed this way.

The header can only be set for
responses that are sent over an HTTP or
HTTPS connection.

Setting the header also works for
tunneled SSL connections. It can be set
here immediately after the CONNECT
part of the processing cycle has
completed.

The value that the header is set to can
be a number ranging from 0 to 63.

When using this header in
configuring Web Gateway and
connected network devices, be
sure not to impact existing
routes or connections.
When multiple responses are
sent back to a client over the
same connection, a header
value that is set at any point
within the processing cycle will
be used for directing the data
packets of all following
responses.
The same connection is, for
example, used when persistent
client connections have been
configured.
Also ACP packets requiring a
longer processing time or
buffered data packets from
previously used connections
that still exist in the TCP buffer,
might use a header value even
if it has been set at a later
point in the processing cycle.

 Number: Value of the
header field
DXL.Event Sends a DXL message with information
about a web security topic to the
subscribers.
  1. String: Topic to send information about
  2. String: Information to send about topic
Email.Send Sends an email.
  1. String: Recipient
  2. String: Subject
  3. String: Body
Enable Cache

Enables the web cache.

Using this event, web objects from
traffic going on under HTTP or HTTPS
can be cached.

An event setting can be configured to
enable caching for either of the two
protocols. Default is HTTP.

HTTP2 is not supported.

Rules that use this event must specify
the protocol that caching is configured
for in their criteria.

To increase the hit rate, the isssl and
X-Forwarded-Proto request headers are
ignored.

The Accept-Encoding header is also
ignored if the requested content can be
extracted on Web Gateway.

The default cache key is the URL for a
web object with the protocol name
added.

An additional cache key can be
configured using the Cache.AdditionalKey
property in a rule.

  
Enable CompositeOpener Enables the composite opener.  
Enable Data Trickling Enables data trickling.  
Enable FTP Upload Progress Indication

Enables the sending of responses to an
FTP client, stating that processing of a
file that has been sent for uploading to
the web is still in progress.

This is intended to prevent a timeout on
the FTP client when processing on Web
Gateway takes more time, for example,
due to scanning the file that should be
uploaded for infections by viruses and
other malware.

  
Enable HTML Opener Enables the HTML opener.  
Enable Media Stream Scanner Enables the Media Stream Scanner,
which is provided by the McAfee
Gateway Anti-Malware engine.		  
Enable Next Hop Proxy Enables use of next-hop proxies.  
Enable Outbound Source IP Override Enables the replacement of different
outbound source IP addresses by a
single IP address.		 List of string: List of IP
addresses for replacing
other IP addresses in
string format
Enable Progress Page Enables display of a progress page.  
Enable RuleEngine Tracing Enables tracing of the activities that are
completed by the rule processing
module (rule engine).		  
Enable SSL Client Context with CA Enables sending of client certificates
issued by a certificate authority.		  
Enable SSL Client Context without CA Enables sending of client certificates not
issued by a certificate authority.		  
Enable SSL Scanner Enables module for SSL scanning.  
Enable SafeSearchEnforcer Enables the SafeSearchEnforcer.  
Enable Proxy Control Enables proxy control  
FileSystemLogging.WriteDebugEntry Writes a debugging entry.
  1. String: Debugging entry
  2. Boolean: If true, entry is written to stdout.
FileSystemLogging.WriteLogEntry Writes an entry into a log. String: Log entry
HTMLElement.InsertAttribute Inserts an attribute into an HTML
element.
  1. String: Attribute name
  2. String: Attribute value
HTMLElement.RemoveAttribute Removes an attribute from an HTML
element.		 String: Attribute name
HTMLElement.SetAttributeValue Sets an attribute to a value. String: Attribute name
String: Value to set attribute to
Header.Add Adds a header to a request or response. String: Attribute
name
String: Value to set
attribute to
Header.AddMultiple Adds a header with a list of values to a
request or response.		 String: Header name
List of string: List of
header values
Header.Block.Add Adds a block header to a request or
response.		 String: Header name
String: Header value
Header.Block.AddMultiple Adds a block header with a list of values
to a request or response.		 String: Header name
List of string: List of
header values
Header.Block.RemoveAll Removes all block headers with a given
name from a request or response.		 String: Header name
Header.ICAP.Response.Add Adds a header to an ICAP response. String: Header name
String: Header value
Header.ICAP.Response.AddMultiple Header.ICAP.Response.AddMultiple String: Header name
List of string: List of
header values
Header.ICAP.Response.RemoveAll Removes all headers with a given name
from an ICAP response.		 String: Header name
Header.RemoveAll Removes all headers with a given name
from a request or response.		 String: Header name
Header.Response.Add Adds a header to the page generated by
a block action.		  
HTTP.GenerateResponse Generates a response to the request
made in the request cycle.		 String: Response body
HTTP.SetStatus Sets the HTTP status code at the end of
the response cycle.		 Number: HTTP status
code
ICAP.AddRequestInformation Adds information to an ICAP request. String: Name of the request
String: Added information
MediaType.Header.FixContentType Replaces a media type header with an
appropriate header when it is found
after inspection of the media body that
the original header does not match the
body.		  
Notice Writes an entry with notice level into
syslog.		 String: Log entry
PDStorage.AddGlobalData.Bool Adds global variable of type Boolean. String: Variable key
Boolean: Variable value
PDStorage.AddGlobalData.Category Adds global variable of type Category. String: Variable key
Category: Variable value
PDStorage.AddGlobalData.Dimension Adds global variable of type Dimension. String: Variable key
Dimension: Variable value
PDStorage. AddGlobalData.Hex Adds global variable of type Hex. String: Variable key
Hex: Variable value
PDStorage. AddGlobalData.IP Adds global variable of type IP. String: Variable key
IP: Variable value
PDStorage.AddGlobalData.IPRange Adds global variable of type IPRange. String: Variable key
IPRange: Variable value
PDStorage.AddGlobalData.List.Category Adds global variable of type List of Category. String: Variable key
List of Category: Variable value
PDStorage. AddGlobalData.List. Dimension Adds global variable of type List of Dimension. String: Variable key
List of Dimension: Variable value
PDStorage.AddGlobalData.List.Hex Adds global variable of type List of Hex. String: Variable key
List of Hex: Variable value
PDStorage. AddGlobalData.List.IP Adds global variable of type List of IP. String: Variable key
List of IP: Variable value
PDStorage. AddGlobalData.List.IPRange Adds global variable of type List of IPRange. String: Variable key
List of IPRange: Variable value
PDStorage.AddGlobalData.List.MediaType Adds global variable of type List of MediaType. String: Variable key
List of MediaType: Variable value
PDStorage. AddGlobalData.List. Number Adds global variable of type List of Number String: Variable key
List of Number: Variable value
PDStorage. AddGlobalData.List. String Adds global variable of type List of String. String: Variable key
List of String: Variable value
PDStorage. AddGlobalData.List. Wildcard Adds global variable of type List of Wildcard Expression. String: Variable key List of Wildcard
Expression: Variable value
PDStorage. AddGlobalData. MediaType Adds global variable of type MediaType. String: Variable key
MediaType: Variable value
PDStorage. AddGlobalData.Number Adds global variable of type Number. String: Variable key
Number: Variable value
PDStorage. AddGlobalData.String Adds global variable of type String. String: Variable key
String: Variable value
PDStorage. AddGlobalData. Wildcard Adds global variable of type Wildcard
Expression.		 String: Variable key
Wildcard Expression: Variable value
PDStorage. AddUserData.Bool Adds user variable of type Boolean. String: Variable key
Boolean: Variable value
PDStorage. AddUserData.Category Adds user variable of type Category. String: Variable key
Category: Variable value
PDStorage. AddUserData. Dimension Adds user variable of type Dimension. String: Variable key
Dimension: Variable value
PDStorage. AddUserlData.Hex Adds user variable of type Hex. String: Variable key
Hex: Variable value
PDStorage. AddUserData.IP Adds user variable of type IP. String: Variable key
IP: Variable value
PDStorage. AddUserData.IPRange Adds user variable of type IPRange. String: Variable key
IPRange: Variable value
PDStorage. AddUserData.List. Category Adds user variable of type List of Category. String: Variable key
List of Category: Variable value
PDStorage. AddUserData.List. Dimension Adds user variable of type List of Dimension. String: Variable key
List of Dimension: Variable value
PDStorage. AddUserData.List.Hex Adds user variable of type List of Hex. String: Variable key
List of Hex: Variable value
PDStorage. AddUserData.List.IP Adds user variable of type List of IP. String: Variable key
List of IP: Variable value
PDStorage.AddUserData.List.IPRange Adds user variable of type List of
IPRange.		 String: Variable key
List of IPRange: Variable value
PDStorage.AddUserData.List.MediaType Adds user variable of type List of
MediaType.		 String: Variable key
List of MediaType: Variable value
PDStorage.AddUserData.List.Number Adds user variable of type List of
Number.		 String: Variable key
List of Number: Variable value
PDStorage.AddUserData.List.String Adds user variable of type List of String. String: Variable key
List of String: Variable value
PDStorage.AddUserData.List.Wildcard Adds user variable of type List of Wildcard Expression. String: Variable key
List of Wildcard Expression: Variablevalue
PDStorage.AddUserData.MediaType Adds user variable of type MediaType. String: Variable key
MediaType: Variable value
PDStorage.AddUserData.Number Adds user variable of type Number. String: Variable key
Number: Variable value
PDStorage.AddUserData.String Adds user variable of type String. String: Variable key
String: Variable value
PDStorage.AddUserData.Wildcard Adds user variable of type Wildcard Expression. String: Variable key
Wildcard Expression: Variable value
PDStorage.Cleanup Cleans up persistently stored data.  
PDStorage. DeleteAllGlobalData Deletes all permanently stored global data.  
PDStorage. DeleteAllUserData Deletes all permanently stored user data.  
PDStorage.DeleteGlobalData Deletes all permanently stored global variables of a given type. String: Variable key
PDStorage.DeleteUserData Deletes all permanently stored user
variables of a given type.		 String: Variable key
ProtocolDetector.ApplyFiltering Applies processing of web filtering rules
on web traffic that has been found to
follow a protocol that is supported on
Web Gateway.		  
SNMP.Send.Trap.Application Sends an SNMP trap message with
application information.		  
SNMP.Send.Trap.System Sends an SNMP trap message with
system information.		  
SNMP.Send.Trap.User Sends an SNMP trap message with user
information.		 Number: User ID
String: Message body
SNMP.Send.Trap.UserHost Sends an SNMP trap message with
information on the host of a user.		 Number: User ID
String: Message body
IP: IP address of the host
SSO.AddCredentials

Creates new credentials for a user who
attempts to log on in a single sign-on
process to a cloud application.

To authenticate a user, the credentials
are evaluated by an authentication
instance, which is also known as identity
provider (IdP), for example, an LDAP or
NTLM database.

The new credentials are stored in the
database of the identity provider.

 String: Identity provider
String: User name
String: Cloud application
JSON: Credentials in JSON format
SSO.AddServices

Prepares the availability of cloud
applications for a user who attempts to
select one of them for logon in a single
sign-on process.

A cloud application is also
referred to as cloud service.

 String: Identity provider
String: User name
List: List of cloud applications
SSO.DeleteCredentials

Deletes credentials of a user who
attempts to logon in a single sign-on
process to a cloud application.

To authenticate a user the credentials
are evaluated by an authentication
instance, which is also known as identity
provider (IdP), for example, an LDAP or
NTLM database.

The new credentials are stored in the
database of the identity provider.

 String: Identity provider
String: User name
String: Cloud application
JSON: Credentials in JSON format
SSO.ProcessFormLogin

Processes the data that was submitted
for a user in a form on a logon page to
perform logon to a cloud application in
a single sign-on process.

One of the following is executed for the
logon form:
• When a logon form is sent with a
POST request to a cloud application,
the password token that had been
inserted into the logon form before is
replaced by the real password of the
user who requests single sign-on
access.

• When a logon form is requested for a
user with a GET request that is sent
from a browser, script code is inserted
into the form to fill it out and forward
it to the cloud application.
This event is only executed when the
proxy (inline) mode is configured for the
single sign-on process.

  
SSO.UpdateCredentials

Updates credentials of a user who
attempts to log on in a single sign-on
process to a cloud application.

To authenticate a user, the credentials
are evaluated by an authentication
instance, which is also known as identity
provider (IdP), for example, an LDAP or
NTLM database.

The new credentials are stored in the
database of the identity provider.

 String: Identity provider
String: User name
String: Cloud application
JSON: Credentials in JSON format
Statistics.Counter.Increment Increments a counter.  
Statistics.Counter.Reset Resets a counter. String: Counter name
Stopwatch.Reset Sets an internal watch that measures
processingtime for rule sets to zero.		 String: Rule set name
Stopwatch.Start Starts an internal watch that measures
processing time for rule sets.		 String: Rule set name
Stopwatch.Stop Stops an internal watch that measures
processing time for rule sets.		 String: Rule set name
Syslog Writes an entry into syslog. 1 Number: Log level
     0 – Emergency
     1 – Alert
      2 – Critical
     3 – Error
     4 – Warning
     5 – Notice
      6 – Info
      7 – Debugging
2 String: Log entry
Throttle.Client Limits the speed (in Kbps) of data
transfer from a client to the appliance.		 Number: Speed limit
Throttle.Server Limits the speed (in Kbps) of data
transfer from a web server to the
appliance.		 Number: Speed limit
TIE: Report File Reputation Sends a file reputation score to a TIE
server.		 Number: File reputation score

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.