Network Prevent Incident Details (IP address-Username)
We installed a DLP pilot which contains a Network Prevent for Web server. The NP server successfully integrated to a Websense web gateway via ICAP, and we can see HTTP/HTTPS messages.The problem is that in the incident details tab, at the sender we only have IP address instead of the Username. Some incident contains the username, not sure but maybe the IDM/EDM detection dont get this information? The customer use DHCP so the IP address does not give any information for further investigation of the incidents.
I think we must use some lookup plugin but we dont know exatly how to start it and where we can find the required information for the lookups (IP - User pairs).
Is there any solution to get this information from the IP address?