Thank you Fady. In my case, I don't have the DLP agents installed on end-user devices. I only have Network Prevent for Web detection servers that are integrated with Proxy SG devices over ICAP.
I guess based on what you said, the Network Prevent for Web will read the username from the Proxy SG "after the Proxy SG has authenticated the user", then it will apply the policy or not apply it based on the user groups defined for that policy on the Enforce server, correct?
In this case, the script mentioned originally in this article is only needed to associate incidents with usernames, but not needed if you want to only apply policies based on user groups?
Original Message:
Sent: 06-10-2021 10:44 AM
From: Fady azab
Subject: Network Prevent Incident Details (IP address-Username)
Hi Wasfi
You can apply a policy on specific username or AD group or apply a spcific group or username exception for specific policy .
if you want to apply for all the policies you have to do that in each policy.
So by default a DLP policy will be applied to everyone that has the agent or anytraffic passed to the other detection servers.
you have to mention which user or group to apply that policy or which you want to exclude from the policy
Thanks
------------------------------
Fady Azab
Senior Consultant
CCIT GMBH
Original Message:
Sent: 06-10-2021 10:35 AM
From: Wasfi Bounni
Subject: Network Prevent Incident Details (IP address-Username)
This article is what I was looking for. However, my aim is not to associate the incident with a username, but rather be able to apply DLP policies based on this username and her/his AD group. For example for the IT group, don't apply any DLP policy.
Something similar to user groups in Enforce DLP policies, which I don't think work with the Network Prevent for Web.
Kindly
Wasfi
Original Message:
Sent: 09-24-2013 02:54 AM
From: Laszlo Hervai
Subject: Network Prevent Incident Details (IP address-Username)
Hi,
It seems that the reason was, Firefox did not sent auth information in all packages. When I checked the logs I saw username in the first event but after that it disappear.
With IE it works like a charm, and every packet contains the username (In Base64).
With IE, and with DLP Solution's comment everything works now.
Regards,
Laszlo