Message

A type used by Endpoint Security to notify your client when a monitored action occurs.

Overview

When Endpoint Security monitors an event of a given type, it sends a message to all clients subscribed to that event type, containing data about the event. Handlers use this information to react to the event. In the case of authorization events, handlers must actively respond to the message and authorize or deny the monitored action. The client must respond before the deadline specified by the message.

The following code shows a handler that reacts to events of the type ES_EVENT_TYPE_AUTH_RENAME. Since the handler knows the event type, it can access the rename member of the message’s event union. From this, it gets the source of the rename event, and inspects the source file path. The handler denies authorization to the event if the filename includes the string DONOTMOVE, and allows it otherwise.

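#include <string.h>
#include <EndpointSecurity/EndpointSecurity.h>

es_handler_block_t handler = ^void (es_client_t* _Nonnull client, const es_message_t* _Nonnull message) {
    switch (message->event_type) {
        case ES_EVENT_TYPE_AUTH_RENAME: {
            // Deny the rename if the source path contains "DONOTMOVE"; allow it otherwise.
            es_auth_result_t myResult = strstr(message->event.rename.source->path.data, "DONOTMOVE")
                ? ES_AUTH_RESULT_DENY : ES_AUTH_RESULT_ALLOW;
            // Authorization events require an explicit response; false means the result is not cached.
            es_respond_auth_result(client, message, myResult, false);
            break;
        }
        // case: (Handle any other cases you have subscribed to)
        default:
            break;
    }
};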
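
The description above speaks of the filename, while strstr over path.data matches the marker anywhere in the path, including parent directory names. The following added example (not part of the original documentation) shows a decision helper that checks only the final path component and bounds the search by the token's length. The names path_token_t, should_deny_rename, contains and tok are hypothetical, and path_token_t is a local stand-in for es_string_token_t so the code builds without the macOS SDK.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for es_string_token_t (pointer plus length in bytes), declared
 * locally so the example builds without the macOS SDK. */
typedef struct {
    size_t length;
    const char *data;
} path_token_t;

/* Length-bounded substring search: never reads beyond hay[0..hay_len). */
static bool contains(const char *hay, size_t hay_len, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0) return true;
    return false;
}

/* Hypothetical policy helper: true when the final path component contains
 * marker. A marker in a parent directory name does not trigger a deny. */
bool should_deny_rename(path_token_t path, const char *marker) {
    if (path.data == NULL || path.length == 0) return false; /* nothing to match */
    size_t end = path.length;
    while (end > 1 && path.data[end - 1] == '/') end--;       /* drop trailing slashes */
    size_t start = end;
    while (start > 0 && path.data[start - 1] != '/') start--; /* find component start */
    return contains(path.data + start, end - start, marker);
}

/* Wrap a C string as a token (helper for the constructed sample input). */
static path_token_t tok(const char *s) {
    path_token_t t = { strlen(s), s };
    return t;
}

int main(void) {
    const char *samples[] = {            /* constructed sample paths */
        "/Users/a/DONOTMOVE-report.txt",
        "/Users/DONOTMOVE/notes.txt",
        "/Volumes/x/DONOTMOVE_dir/",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s %s\n", samples[i],
               should_deny_rename(tok(samples[i]), "DONOTMOVE") ? "DENY" : "ALLOW");
    return 0;
}
```

In a real handler, a true result would map to ES_AUTH_RESULT_DENY and a false result to ES_AUTH_RESULT_ALLOW before the call to es_respond_auth_result.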

Topics

Inspecting Messages

es_message_t

A message from the Endpoint Security subsystem that describes a security event.

Copying a Message

es_copy_message

Copies a message, by allocating new memory.

es_message_size

Calculates the size of a message structure.

es_free_message

Frees the memory allocated for the given message.

Supporting Types

es_result_t

The result of the Endpoint Security subsystem authorization process.

es_string_token_t

A pointer to a null-terminated string, and the length in bytes of that string.

es_token_t

An arbitrary buffer of data with its size.

See Also

Event Monitoring

Client

An opaque type that maintains Endpoint Security client state, and functions related to this type.

Event Types

Types used by messages to deliver details specific to different kinds of Endpoint Security events.