Video Screencast Help

DLP Events to syslog

Created: 17 Jun 2013 • Updated: 18 Jun 2013 | 2 comments

We created a Response rule to send DLP alerts (Endpoint & Prevent) to AlertLogic.Alerts are going to our dashboard but the only field that is not displaying data is User.

Here is how we have defined that variable:
USER=$DATAOWNER_NAME$

I also tried USER=$DATA_OWNER$, USER=$EMPLOYEE_CODE$ but am still getting N/A.

btw,  we used the variable definitions listed in DLP:

 

Insert Variable
Blocked
Data Owner
Data Owner Email
Device Instance ID
Endpoint Machine
File Full Path
File Name
File Parent Directory Path
Incident ID
Incident Snapshot
Match Count
Policy Name
Policy Rules
Protocol / Device Type / Target Type
Quarantine Parent Directory Path
Recipients
Scan Date
Sender
Severity
Subject
Target

Does anyone know if there is another variable I could use for User/Data Owner?

Thanks!

Operating Systems:

Comments 2 CommentsJump to latest comment

kishorilal1986's picture

Chcek your LDAP lookup plugin is working fine.Is it providing user information if incident created by user.