Data Loss Prevention

Hello,

Web Prevent provides sender information in this format 'WinNT:\\domain\username'

I am using this script 'Webprevent_script.vbs' to remove WinNT:// and pass the remaining information to LDAP plugin to populate custom attribute fields.

In my case it is only working for HTTP, not for HTTPS incident

I am attaching Webprevent_script and LDAP plugin text for your review.

Need your support. Thanks

BR
Atif

Hi,

It is working for HTTP and FTP because of the following line in the script. Try to add HTTPS as a condition too.

If attributeValues(1) = "HTTP" OR attributeValues(1) = "FTP" Then

Original Message:
Sent: 09-14-2021 08:38 AM
From: Muhammad Atif
Subject: Web Prevent Incidents - Custom Attributes - Script not working

Hello,

Web Prevent provides sender information in this format 'WinNT:\\domain\username'

I am using this script 'Webprevent_script.vbs' to remove WinNT:// and pass the remaining information to LDAP plugin to populate custom attribute fields.

In my case it is only working for HTTP, not for HTTPS incident

I am attaching Webprevent_script and LDAP plugin text for your review.

Need your support. Thanks

BR
Atif

Hi,

I made this change

If attributeValues(1) = "HTTPS"

But still not working.

BR
Atif
Original Message:
Sent: 09-15-2021 04:37 AM
From: Barnabas Toth
Subject: Web Prevent Incidents - Custom Attributes - Script not working

Hi,

It is working for HTTP and FTP because of the following line in the script. Try to add HTTPS as a condition too.

If attributeValues(1) = "HTTP" OR attributeValues(1) = "FTP" Then

Original Message:
Sent: 09-14-2021 08:38 AM
From: Muhammad Atif
Subject: Web Prevent Incidents - Custom Attributes - Script not working

Hello,

Web Prevent provides sender information in this format 'WinNT:\\domain\username'

I am using this script 'Webprevent_script.vbs' to remove WinNT:// and pass the remaining information to LDAP plugin to populate custom attribute fields.

In my case it is only working for HTTP, not for HTTPS incident

I am attaching Webprevent_script and LDAP plugin text for your review.

Need your support. Thanks

BR
Atif

Try with this one

If attributeValues(1) = "HTTP" OR attributeValues(1) = "HTTPS" OR attributeValues(1) = "FTP" Then

However scripting always needs some testing ands customization, especially if you are using a script from someone else.
Do some vbs debugging in your environment.

You can do testing like this:

C:\>cscript.exe //nologo "C:\webprevent_script.vbs" sender-email=WinNT://AD-domain/userID protocol=HTTPS
HTTPUserName=userID​

Please mark SOLVED if helped!

Hi Barnabas,

I made this change in the script

If attributeValues(1) = "HTTP" OR attributeValues(1) = "HTTPS" OR attributeValues(1) = "FTP" Then

still HTTPS incident Custom Attributes are not being populated.

Moreover, I performed the testing and getting the below result:

C:\Windows\system32>cscript.exe //nologo "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\plugins\NPW04_Script.vbs" sender-email=WinNT://imlab.local/m.atif protocol=HTTPS
HTTPUserName=m.atif

BR
Atif

Original Message:
Sent: 09-15-2021 04:54 AM
From: Barnabas Toth
Subject: Web Prevent Incidents - Custom Attributes - Script not working

Try with this one

If attributeValues(1) = "HTTP" OR attributeValues(1) = "HTTPS" OR attributeValues(1) = "FTP" Then

However scripting always needs some testing ands customization, especially if you are using a script from someone else.
Do some vbs debugging in your environment.

You can do testing like this:

C:\>cscript.exe //nologo "C:\webprevent_script.vbs" sender-email=WinNT://AD-domain/userID protocol=HTTPS
HTTPUserName=userID​

Please mark SOLVED if helped!

Hi,

I reviewed the localhost logs and made a change i.e. HTTPS to HTTPS/SSL. It worked.

 

If attributeValues(1) = "HTTP" OR attributeValues(1) = "HTTPS/SSL" Then

Barnabas: Thanks for the support

BR
Atif
Original Message:
Sent: 09-15-2021 12:30 PM
From: Muhammad Atif
Subject: Web Prevent Incidents - Custom Attributes - Script not working

Hi Barnabas,

I made this change in the script

If attributeValues(1) = "HTTP" OR attributeValues(1) = "HTTPS" OR attributeValues(1) = "FTP" Then

still HTTPS incident Custom Attributes are not being populated.

Moreover, I performed the testing and getting the below result:

C:\Windows\system32>cscript.exe //nologo "C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\plugins\NPW04_Script.vbs" sender-email=WinNT://imlab.local/m.atif protocol=HTTPS
HTTPUserName=m.atif

BR
Atif

Original Message:
Sent: 09-15-2021 04:54 AM
From: Barnabas Toth
Subject: Web Prevent Incidents - Custom Attributes - Script not working

Try with this one

If attributeValues(1) = "HTTP" OR attributeValues(1) = "HTTPS" OR attributeValues(1) = "FTP" Then

However scripting always needs some testing ands customization, especially if you are using a script from someone else.
Do some vbs debugging in your environment.

You can do testing like this:

C:\>cscript.exe //nologo "C:\webprevent_script.vbs" sender-email=WinNT://AD-domain/userID protocol=HTTPS
HTTPUserName=userID​

Please mark SOLVED if helped!