Data Loss Prevention

I am our Network Prevent for Web (ICAP) instance upgrading from 11.x to 12.5 and would like to start using Lookup Plugins in AD and Corporate LDAP. We are curentky using it with Network Prevent (SMTP) instance. 

The question is how I map ICAP incident attribute(s) to my LDAP attributes. In the incident we have:

Sender: WinNT://<AD-domain>/<userID>

Symantec documenatiton doers not show ANY ICAP related "Lookup parameter keys".

How i can use this attribute in the LDAP query? Does anyone used ICAP with LDAP Lookup?

 

 

Thanks!

Alex

 

You will need to use a script lookup to do that.

Have it run before your LDAP lookup.. 

You will need to have that script take the username you get.. WinNT://<AD-domain>/<userID>

You will need to then take that and parse out the Winnt://domain

Use the attached script.

You will need to change the following line, depending on how many characters the domain is. Change the '9' depending on the length of the domain.

strSlashPos = Instr(9,attributeValues(0), "/")

You will then need to update the LDAP lookup to also look for the new variable "HTTPUserName". Do this for each line you need.

attr.First\ Name =:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$HTTPUserName$)):givenName

Here are the copmmands for the scri[pt lookup.

c:/windows/system32/cscript.exe
/nologo,D:/Vontu/protect/plugins/Webprevent_script.vbs

 

Please marked solved!

Dears

I tried with DLP version 15.7MP2 but its not working attached error messages

C:\Windows\system32>cscript.exe
//nologo "E:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.7\Protect\plugins\Webprevent_script.vbs"
Original Message:
Sent: 03-19-2015 03:39 PM
From: RONAK PATEL
Subject: Using Lookup Plugin with Network Prevent for Web (ICAP)

You will need to use a script lookup to do that.

Have it run before your LDAP lookup.. 

You will need to have that script take the username you get.. WinNT://<AD-domain>/<userID>

You will need to then take that and parse out the Winnt://domain

Use the attached script.

You will need to change the following line, depending on how many characters the domain is. Change the '9' depending on the length of the domain.

strSlashPos = Instr(9,attributeValues(0), "/")

You will then need to update the LDAP lookup to also look for the new variable "HTTPUserName". Do this for each line you need.

attr.First\ Name =:(|(mail=$sender-email$)(sAMAccountName=$file-owner$)(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$HTTPUserName$)):givenName

Here are the copmmands for the scri[pt lookup.

c:/windows/system32/cscript.exe
/nologo,D:/Vontu/protect/plugins/Webprevent_script.vbs

 

Please marked solved!