GravityZone Push Event Data Mappings

Hi all -- I have a question about a couple of the push events from GravityZone where the event contained some identifier, but no mapping is available according to the push event documentation found at

Firewall module (module: fw) - A field is sent labeled "protocol_id" and is an integer value. The documentation does not provide a mapping for what these possible values are, and how they map to more human-readable protocols (ARP, UDP, TCP, etc)

Storage Antimalware module (module: storage-antimalware) - GravityZone sends two fields that are string representations of integers but does not supply a mapping to human-readable values: "status" and "malware_type"

Sandbox Analyzer module (module: networking-sandbox) - the field "remediationActions" is an array of strings and in the sample response, they're sometimes string representations of integers, or empty. What are the possible values?

Thanks in advance!



  • Andra_B
    Andra_B Customer Experience Projects Manager BD Staff

    Hi @lazarbeam

    Thank you for your feedback. I have forwarded your question to the relevant department. At the moment we don't have this information in the documentation, but my colleagues have been asked to update the article you mentioned with the information they need.

    In the meantime, please open a support ticket and my colleagues from the Enterprise Technical Support Department will explain all in detail.

    Have a great day!