[Symantec DLP] Syslog variable for 'attachment' field detected in HTTPS incident event.

    Posted Apr 27, 2014 09:05 PM

    Hi there,

    I am trying to obtain the syslog variable for the 'attachment' field detected in an HTTP/HTTPS incident event in Symantec DLP. The variable $FILE_NAME$ works fine for other incidents such as USB incidents, but somehow it does not work for HTTPS incidents. Has anyone had any luck obtaining the variable, or is there an existing workaround for this?

    Thanks!
