Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

[Symantec DLP] Syslog variable for 'attachment' field detected in HTTPS incident event.

Created: 27 Apr 2014 • Updated: 27 Apr 2014

Hi there,

I am trying to obtain the syslog variable for 'attachment' field detected in a HTTP/HTTPS incident event in Symantec DLP. The variable $FILE_NAME$ works fine for other incidents such as USB incidents but somehow it does not work for HTTPS incidents. Anyone has any luck obtaining the variable or is there an existing workaround for this?

Thanks!

https_inc.png

Operating Systems: