I created a DLP lookup script in PowerShell to plug into the DLP enforce server.
From what I understand this is how everything is supposed to work
1. User that is logged into the Enforce Server opens an incident and presses "Lookup"
2. The Enforce Server will take "sender-ip=10.10.10.10" and send it as an input parameter to the lookup script
3. The look-up script processes the IP address 10.10.10.10 and finds the last user logged on
4. The look-up script determines that the last logged on user is CONTOSO\jsmith
5. Look-up script sends Enforce Server the string value "userId=CONTOSO\jsmith"
6. Enforce Server displays CONTOSO\jsmith next to userId
Is this correct? Because there is some misunderstanding as to whether the Enforce Server is supposed to receive "userId=CONTOSO\jsmith", or the script should send a variable $userId, where $userID has the value CONTOSO\jsmith
I have modified the script such that it sends "userId=CONTOSO\jsmith", or it sends a variable $userId, where $userID has the value CONTOSO\jsmith, but nothing seems to work
That is why I need to view logs that show the actual data interaction between the DLP Enforce Server and the Lookup script, and if there are any information, errors or warnings
Thank you