Data Loss Prevention

 View Only

  • 1.  Facing Lookup issue for Web incidents

    Posted Mar 03, 2014 02:16 AM

    Hi All,

    Need your help in the below scenario.

    i have configured attribute Lookup in my DLP and i am  able to successfully find the details for SMTP incidents,But for Web incidents i am not able to findout the exact details of user.please help me in resolving this issue.

     

     

     

     



  • 2.  RE: Facing Lookup issue for Web incidents

    Posted Mar 04, 2014 02:41 PM

    The most likely reason you cannot find the users is because web incidents do not have easily identifiable markers like an e-mail address for the system to lookup.  You will have to create a custom lookup script that will do a reverse lookup based on IP address or change your lookup to contain the information generated by HTTP incidents.

     



  • 3.  RE: Facing Lookup issue for Web incidents

    Trusted Advisor
    Posted Mar 10, 2014 08:27 PM

    Kishore,

    Are you trying to do this using Network Monitor or Web Prevent?

    Network Monitor will only provide you an IP.

    https://www-secure.symantec.com/connect/forums/lookup-get-user-information-http-incidents

     

    Web Prevent will provide you a USER name but has the domain name as part of it.

    https://www-secure.symantec.com/connect/forums/icap-and-winntdomainname

     

    Please clarify..

    Hope this makes sense.

    If this solves your questions please marked as solved.

    Ronak