[Symantec DLP] Syslog variable for 'attachment' field detected in HTTPS incident event.

Created: 27 Apr 2014 • Updated: 27 Apr 2014

Hi there,

I am trying to obtain the syslog variable for the 'attachment' field detected in an HTTP/HTTPS incident event in Symantec DLP. The variable $FILE_NAME$ works fine for other incidents such as USB incidents, but somehow it does not work for HTTPS incidents. Has anyone had any luck obtaining the variable, or is there an existing workaround for this?

Thanks!
