GravityZone Push Event Data Mappings
Hi all -- I have a question about a couple of the push events from GravityZone where the event contained some identifier, but no mapping is available according to the push event documentation found at https://www.bitdefender.com/business/support/en/77209-135325-push-event-json-rpc-messages.html
Firewall module (module: fw) - A field is sent labeled "protocol_id" and is an integer value. The documentation does not provide a mapping for what these possible values are, and how they map to more human-readable protocols (ARP, UDP, TCP, etc)
Storage Antimalware module (module: storage-antimalware) - GravityZone sends two fields that are string representations of integers but does not supply a mapping to human-readable values: "status" and "malware_type"
Sandbox Analyzer module (module: networking-sandbox) - the field "remediationActions" is an array of strings and in the sample response, they're sometimes string representations of integers, or empty. What are the possible values?
Thanks in advance!