Context-aware network introspection in software-defined networking (SDN) environments
US-2020036608-A1 · Jan 30, 2020 · US
US11522835B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11522835-B2 |
| Application number | US-201816027086-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 3, 2018 |
| Priority date | Jul 3, 2018 |
| Publication date | Dec 6, 2022 |
| Grant date | Dec 6, 2022 |
Abstract
A system and method for performing firewall operations on an edge service gateway virtual machine that monitors traffic for a network. The method includes detecting, from a directory service executing on a computing device, a login event on the computing device, obtaining, from the detected login event, login event information comprising an identifier that identifies a user associated with the login event, storing the login event information as one or more context attributes in an attribute table, and applying a firewall rule to a data message that corresponds to the one or more context attributes.
Claims
What is claimed is:
1. A system comprising: a computing device; a directory server executing a directory service thereon; a network; one or more edge service gateway (ESG) virtual machines (VM) that monitor traffic for the network, each of the one or more ESG VMs comprising: an event log monitor configured to: poll the directory service for a login event on the computing device; detect, from polling the directory service, the login event on the computing device; and obtain, from the detected login event, login event information comprising an identifier that identifies a user; a context engine configured to: receive the login event information from the event log monitor; and store the login event information comprising the identifier as one or more context attributes in an attribute table; and a firewall engine configured to: determine attributes of a data message received by the ESG VM; compare the data message attributes with the one or more context attributes stored in the attribute table; and identify a firewall rule to enforce on the data message based on the comparing, wherein, based on the identified firewall rule, the firewall engine causes the data message to be dropped or forwarded.
2. The system of claim 1, wherein the firewall engine is further configured to compare a five-tuple identifier from the data message with attributes in the attribute table to determine the data message corresponds to the one or more context attributes.
3. The system of claim 1, wherein the computing device is a personal computer.
4. The system of claim 1, wherein the login event comprises a user logging into the network through a directory server.
5. The system of claim 4, wherein the event log monitor is further configured to poll the directory server for login events.
6. The system of claim 1, wherein the network is a logical overlay network.
7. The system of claim 1, wherein the computing device does not execute a guest-introspection (GI) agent thereon.
8. A method for performing firewall operations on an edge service gateway (ESG) virtual machine (VM) that monitors traffic for a network, the method comprising: polling a directory service for a login event on a computing device; detecting, from polling the directory service, the login event on the computing device; obtaining, from the detected login event, login event information comprising an identifier that identifies a user associated with the login event; storing the login event information comprising the identifier as one or more context attributes in an attribute table; and applying a firewall rule to a data message that corresponds to the one or more context attributes.
9. The method of claim 8, further comprising comparing a five-tuple identifier from the data message with attributes in the attribute table to determine the data message corresponds to the one or more context attributes.
10. The method of claim 8, wherein the computing device is a hardware computing device.
11. The method of claim 8, wherein the computing device is a virtual machine or a container.
12. The method of claim 8, wherein the login event information further comprises one or more of the following: a five-tuple identifier and a group identifier.
13. The method of claim 12, wherein the directory service is an active directory service, and wherein the user group identifier is a group identifier in an active directory.
14. The method of claim 8, wherein the login event is a request to access an application in the network monitored by the ESG VM.
15. An edge service gateway (ESG) virtual machine (VM) that monitors traffic for a network, the ESG VM stored in memory on a computing device, the ESG VM comprising: an event log monitor configured to: poll the directory service for a login event on the computing device; detect, from polling the directory service, the login event on the computing device; and obtain, from the detected login event, login event information comprising an identifier that identifies the user; a context engine configured to: receive the login event information from the event log monitor; and store the login event information comprising the identifier as one or more context attributes in an attribute table; and a firewall engine configured to: receive a data message; determine the data message corresponds to the one or more context attributes stored in the attribute table; identify a firewall rule to enforce on the data message based on the determining; and enforce the firewall rule on the data message.
16. The ESG VM of claim 15, wherein the firewall engine is further configured to compare a five-tuple identifier from the data message with attributes in the attribute table to determine the data message corresponds to the one or more context attributes.
17. The ESG VM of claim 15, wherein the computing device is a personal computer.
18. The ESG VM of claim 15, wherein the computing device is a virtual machine or a container.
19. The ESG VM of claim 15, wherein the ESG VM further comprises a memory area for storing firewall rules and the attribute table.
20. The ESG VM of claim 15, wherein the login event information further comprises one or more of the following: a five-tuple identifier and a group identifier.
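The three-stage pipeline the claims describe (event log monitor polling the directory service, context engine filling the attribute table, firewall engine matching a data message's five-tuple against it), as an added illustration that is not code from the patent or its assignee. The directory log format, the rule shape, the keying of context by source IP, and the clearing of an entry on logout are all assumptions made for the example.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample of what the event log monitor sees when polling the
# directory service; field names are assumptions, not a real AD log format.
DIRECTORY_LOG: List[dict] = [
    {"seq": 1, "type": "login",  "user": "alice", "group": "finance", "ip": "10.0.1.5"},
    {"seq": 2, "type": "login",  "user": "bob",   "group": "eng",     "ip": "10.0.1.7"},
    {"seq": 3, "type": "logout", "user": "bob",   "group": "eng",     "ip": "10.0.1.7"},
]
# Rules as (group or None for any logged-in user, dst_ip, dst_port, action).
RULES: List[Tuple[Optional[str], str, int, str]] = [
    ("finance", "10.0.2.10", 5432, "forward"),
    ("eng",     "10.0.2.20", 22,   "forward"),
]

class ContextEngine:
    """Attribute table: source IP -> {user, group}, filled from login events."""
    def __init__(self) -> None:
        self.attribute_table: Dict[str, Dict[str, str]] = {}
    def store(self, ev: dict) -> None:
        self.attribute_table[ev["ip"]] = {"user": ev["user"], "group": ev["group"]}
    def forget(self, ev: dict) -> None:  # assumption: a logout clears the entry
        self.attribute_table.pop(ev["ip"], None)

class EventLogMonitor:
    """Polls the directory log and hands new events to the context engine."""
    def __init__(self, log: List[dict], ctx: ContextEngine) -> None:
        self.log, self.ctx, self.last_seq = log, ctx, 0
    def poll(self) -> int:
        new = [e for e in self.log if e["seq"] > self.last_seq]
        for e in new:
            (self.ctx.store if e["type"] == "login" else self.ctx.forget)(e)
            self.last_seq = e["seq"]
        return len(new)

class FirewallEngine:
    """Matches a data message's five-tuple against context attributes and rules."""
    def __init__(self, ctx: ContextEngine) -> None:
        self.ctx = ctx
    def decide(self, five_tuple: Tuple[str, str, int, int, str]) -> str:
        src_ip, dst_ip, _sport, dport, _proto = five_tuple
        attrs = self.ctx.attribute_table.get(src_ip)
        if attrs is None:
            return "drop"            # no login context for this source address
        for group, rip, rport, action in RULES:
            if group in (None, attrs["group"]) and (rip, rport) == (dst_ip, dport):
                return action
        return "drop"                # default deny

def build_gateway() -> FirewallEngine:
    """Wires the three components together and performs one poll."""
    ctx = ContextEngine()
    EventLogMonitor(DIRECTORY_LOG, ctx).poll()
    return FirewallEngine(ctx)
```

Note that a source whose user has logged out, or that never produced a login event, falls through to the default deny, which is the behaviour claim 7 relies on for hosts without a guest-introspection agent.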
Isolation or security of virtual machine instances · CPC title
characterised by the time relationship between creation and deployment of a service · CPC title
Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title
at the edge · CPC title
Network integration; Enabling network access in virtual machine instances · CPC title