Data Loss Prevention

 View Only

  • 1.  Second Attempt to Create DLP Lookup Script

    Posted Apr 28, 2014 03:38 PM

    About a year ago I attempted to create DLP lookup script in powershell. For some reason it was unable to integrate with then Enforce engine.

     

    I was now advised to write the script in Python.

     

    Can you refresh my memory, how is the script called

    Are the arguments in the form

    "variable-value, variable-value, variable-value"

    i.e

    "address=10 main st, sender-ip=10.10.10.10, email=joe@gmail.com"

     

     

    Thank you



  • 2.  RE: Second Attempt to Create DLP Lookup Script
    Best Answer

    Trusted Advisor
    Posted May 07, 2014 10:26 AM

    RSA,

    When the script is called, the output of the current variables will look like this..

    sender-email=joe@acme.com,protocol=HTTP,sender-ip=10.10.10.2,endpoint-user-name=juser

    So you will need to parse the data and remove the =.

    Here is how I have done it in a VB script.

    attributeList = ("sender-email,protocol,sender-ip,endpoint-user-name,date-detected")
    attributes = split(attributeList,",")

    Dim attributeValues(4)

      strEqPos = Instr(objArgs(e),"=")
      strArgName = mid(objArgs(e),1,strEqPos - 1)
      strValLen = len(objArgs(e)) - strEqPos
      strArgVal = mid(objArgs(e), strEqPos + 1, strValLen )

     

    Hope this makes sense.

    If this solves your questions please marked as solved.

    Ronak



  • 3.  RE: Second Attempt to Create DLP Lookup Script

    Posted May 08, 2014 01:32 PM

    I created a new thread with another question

     

    https://www-secure.symantec.com/connect/forums/dlp-enforce-script-lookup-plugin