I wrote a Python script to find the userId based on sender-ip. This script must run with elevated credentials.
Our DLP Enforce Server is on Windows 2008 R2 Server
Path of python.exe is D:\Python27\python.exe
Path of script is D:\SymantecDLP\Protect\lookup.py
Below is the script:
from __future__ import print_function
# import statements
import sys, subprocess
import wmi
# get the arguments and extract user's IP address
argument = sys.argv[1]
attr_map = dict(item.strip().split('=') for item in argument.split(','))
userIP = attr_map['sender-ip']
# subprocess: ping the address once (argument list, so no shell is involved)
ping = subprocess.Popen(
    ["ping", "-n", "1", userIP],
    stdout=subprocess.PIPE,
    stderr=subprocess.PIPE
)
# can we ping the user's IP address?
out, error = ping.communicate()
# if we cannot ping user's IP address then print error message and exit program
if out.find("Reply from") == -1:
    print(userIP, "is NOT pingable.")
    sys.exit()
# try to access wmi on the remote host
try:
    c = wmi.WMI(userIP)
except Exception:
    print("Cannot access WMI for", userIP)
    sys.exit()
# perform system lookup of IP address: collect DOMAIN\user for every logon session
user_list = []
for us in c.Win32_LogonSession():
    try:
        for user in us.references("Win32_LoggedOnUser"):
            user_logins = user.Antecedent.Domain + "\\" + user.Antecedent.Name
            user_list.append(user_logins)
    except Exception:
        # sessions without an associated user (or without access) are skipped
        pass
# guard against an empty list, which would otherwise raise IndexError
if not user_list:
    print("No logged-on user found for", userIP)
    sys.exit()
userId = user_list[0]
print(userId)
When I run the command prompt with elevated credentials and execute the script as
python lookup.py "sender-ip=10.10.10.10"
it outputs the userId.
Here is a screenshot of the Script Lookup Plugin
And these are the Lookup Parameter Keys
When I click on Lookup of 10.10.10.10, I get an error in red: "Custom Attribute lookup failed"
1. How do I enter the attributes so that I don't get this error?
2. How do I set up the credentials file so that the script runs with elevated credentials?
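As an added example (not from the original post and not Symantec DLP code), here is a defensively written version of the script's two fragile steps: parsing the "key=value, key=value" lookup string and picking the first logged-on user. It validates the sender-ip value before it could reach ping or WMI, tolerates a '=' inside a value (which makes the original dict(...split('=')) raise ValueError), and returns an error message instead of an IndexError when no session has a user. The WMI call is isolated in its own function so the rest can be exercised offline with a constructed session list; the function and parameter names are my own.

```python
import re

_IPV4 = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$")


def parse_lookup_args(argument):
    """Parse 'key1=value1, key2=value2' into a dict.
    Only the first '=' splits key from value, so a value containing '='
    no longer raises ValueError; items without '=' are skipped."""
    attrs = {}
    for item in argument.split(","):
        if "=" in item:
            key, value = item.split("=", 1)
            attrs[key.strip()] = value.strip()
    return attrs


def valid_ipv4(text):
    """True only for a dotted quad whose four octets are all in 0..255."""
    match = _IPV4.match(text)
    return bool(match) and all(int(o) <= 255 for o in match.groups())


def wmi_sessions(ip):
    """Yield (domain, name) pairs from WMI the way the original script does.
    Needs the 'wmi' package on Windows; offline callers pass a list instead."""
    import wmi
    for session in wmi.WMI(ip).Win32_LogonSession():
        try:
            for user in session.references("Win32_LoggedOnUser"):
                yield user.Antecedent.Domain, user.Antecedent.Name
        except Exception:
            continue


def lookup_user_id(argument, sessions):
    """Return (user_id, error); error is set when the input is unusable or
    no session carries a user, instead of an unhandled IndexError."""
    ip = parse_lookup_args(argument).get("sender-ip")
    if ip is None or not valid_ipv4(ip):
        return None, "sender-ip missing or not a valid IPv4 address"
    for domain, name in sessions:
        if name:
            return "%s\\%s" % (domain, name), None
    return None, "no logged-on user found on %s" % ip
```

On the Enforce Server the call would be lookup_user_id(sys.argv[1], wmi_sessions(ip)); the constructed session list in the test stands in for that.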