[Symantec DLP] Syslog variable for 'attachment' field detected in HTTPS incident event.

Created: 27 Apr 2014 • Updated: 27 Apr 2014

Hi there,

I am trying to obtain the syslog variable for the 'attachment' field detected in an HTTP/HTTPS incident event in Symantec DLP. The variable $FILE_NAME$ works fine for other incidents such as USB incidents, but somehow it does not work for HTTPS incidents. Has anyone had any luck obtaining the variable, or is there an existing workaround for this?

Thanks!
