Hi there,
I am trying to obtain the syslog variable for 'attachment' field detected in a HTTP/HTTPS incident event in Symantec DLP. The variable $FILE_NAME$ works fine for other incidents such as USB incidents but somehow it does not work for HTTPS incidents. Anyone has any luck obtaining the variable or is there an existing workaround for this?
Thanks!