Data Center Security


Enabling and encrypting script credentials 

Apr 01, 2014 08:21 AM

If your script is connecting to an external system that requires credentials, you can enable credentials for your script. If you enable credentials through the user interface option, you must encrypt them. Symantec Data Loss Prevention provides the Credential Utility, which lets you encrypt credentials and use them to authenticate to an external data source.

When the Enforce Server invokes the Script Lookup Plugin, the plugin decrypts any credentials at runtime and passes them to the script as attributes. The credentials are then available for use within the script. The Credential Utility uses the same platform encryption keys that are used to protect user accounts and incident information within the Symantec Data Loss Prevention system.

If you choose to use credentials in clear text, you must hard code them into your script. In this case, the Enforce Server passes the values you exported to the clear-text credential file. These values are passed in the following format: key=value.

Follow the procedure below step by step to enable and encrypt the credentials.

Procedure Step 1 : Create a text file that contains the credentials that are needed by the script to access the appropriate external systems.
 

The format of this file is key=value, where key is the name of the credential.

For example (one key=value pair per line):

username=msantos
password=esperanza9

Procedure Step 2 : Save this credential file to the file system local to the Enforce Server.
 

The file needs to be saved to the Enforce Server temporarily.

For example: C:\temp\MyCredentials.txt.

Procedure Step 3 : On the Enforce Server, open a shell or command prompt and change directories to <SymantecDLP_home>\Protect\bin.
 

This directory on the Enforce Server contains the Credential Generator Utility.
 

Procedure Step 4 : Issue a command to generate an encrypted credential file.

The command syntax is as follows:

CredentialGenerator.bat in-cleartext-filepath out-encrypted-filepath

For example, on Windows you would issue the following:

CredentialGenerator.bat C:\temp\MyCredentials.txt C:\temp\MyCredentialsEncrypted.txt

You can open the output file in a text editor to verify that it is encrypted.

Procedure Step 5 : Select Enable Credentials.
 

At the System > Lookup Plugins > Edit Script Lookup Plugin page, select (check) the Enable Credentials option.
 

Procedure Step 6 : Enter the Credentials File Path.
 

Enter the fully qualified path to the encrypted credentials file. For example:

C:\temp\MyCredentialsEncrypted.txt.

Procedure Step 7 : Save the plugin.
 

You can now use the encrypted credentials to authenticate to an external system.

Procedure Step 8 : Secure the clear-text credentials file.
 

If you want to save the clear-text credentials file, move it to a secure location. It can be useful to save the file if you plan to update and re-encrypt it later. If you do not want to save the file, delete it now.

Procedure Step 9 : Reload the lookup plugin.

About lookup plugins:

A lookup plugin lets you connect the Enforce Server to an external system to retrieve supplemental data related to an incident. The data is stored as attributes. Lookup plugins let you add additional context to incidents to facilitate remediation workflow. For example, consider an email message that triggers an incident. A lookup plugin can be used to retrieve and display the name and the email address of the sender's manager from a directory server based on the email sender's address.

Lookup plugins use incident attributes and custom attributes in coordination with each other. The system generates incident attributes when a policy rule is violated. You define custom attributes for custom incident data. Continuing the example, on detection of the incident, the system generates the incident attribute "sender-email" and populates it with the email address of the sender. The lookup plugin uses this key-value pair to look up the values for custom attributes "Manager Name" and "Manager Email" from an LDAP server. The plugin populates the custom attributes and displays them in the Incident Snapshot.

The System > Lookup Plugins screen is the home page for creating, configuring, and managing lookup plugins. Lookup plugins are used for remediation to retrieve incident-related data from an external data source and populate incident attributes.
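The following is an added example, not Symantec's code or part of the original post. It shows the two pieces a script lookup plugin needs once credentials are enabled: a strict parser for the key=value format that the credential file (Step 1) and the runtime attributes use, and the manager lookup described above. It assumes that the decrypted credentials and the incident attribute sender-email both reach the script as key=value pairs, and it replaces the LDAP directory with a constructed in-memory table so it runs offline; the command-line invocation convention at the bottom is likewise an assumption of this example.

```python
"""Added example (not Symantec's code): parse key=value credential and
attribute lines, then resolve the sender's manager as custom attributes.
Assumptions: credentials and incident attributes arrive as key=value pairs;
the directory server is a constructed in-memory table.
"""
import sys
from typing import Dict, Iterable, Optional, Tuple


def parse_key_values(lines: Iterable[str]) -> Dict[str, str]:
    """Parse key=value lines; blank lines and lines starting with '#' are skipped.

    Only the first '=' splits key from value, so a password containing '='
    survives intact. A line without '=', an empty key or a duplicate key
    raises, because a malformed credential line should fail loudly rather
    than reach the external system as a wrong username or password.
    """
    parsed: Dict[str, str] = {}
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected key=value, got {line!r}")
        key, value = line.split("=", 1)
        key = key.strip()
        if not key:
            raise ValueError(f"line {lineno}: empty key")
        if key in parsed:
            raise ValueError(f"line {lineno}: duplicate key {key!r}")
        parsed[key] = value.strip()
    return parsed


def check_credentials(creds: Dict[str, str]) -> Tuple[str, str]:
    """Return (username, password), failing if either credential is absent."""
    missing = [k for k in ("username", "password") if not creds.get(k)]
    if missing:
        raise KeyError("credentials missing: " + ", ".join(missing))
    return creds["username"], creds["password"]


# Constructed stand-in for the directory server; a real plugin would bind to
# LDAP with the decrypted credentials and search by mail address.
DIRECTORY: Dict[str, Dict[str, Optional[str]]] = {
    "jdoe@example.com": {"name": "Jane Doe", "manager": "asmith@example.com"},
    "asmith@example.com": {"name": "Alex Smith", "manager": None},
}


def lookup_manager(incident_attrs: Dict[str, str],
                   directory: Dict[str, Dict[str, Optional[str]]] = DIRECTORY
                   ) -> Dict[str, str]:
    """Map the incident attribute sender-email to the custom attributes
    "Manager Name" and "Manager Email". An unknown sender, or one with no
    manager on record, yields no custom attributes rather than a partial record."""
    sender = incident_attrs.get("sender-email", "").strip().lower()
    entry = directory.get(sender)
    if entry is None or not entry["manager"]:
        return {}
    manager = directory.get(entry["manager"])
    if manager is None:
        return {}
    return {"Manager Name": manager["name"] or "",
            "Manager Email": entry["manager"]}


def run(credential_lines: Iterable[str],
        attribute_lines: Iterable[str]) -> Dict[str, str]:
    """Full flow: validate the credentials, then resolve the custom attributes."""
    check_credentials(parse_key_values(credential_lines))
    return lookup_manager(parse_key_values(attribute_lines))


if __name__ == "__main__":
    # Assumed invocation convention for this example only: credentials and
    # incident attributes arrive as key=value arguments; the resulting custom
    # attributes are printed one key=value per line.
    pairs = parse_key_values(sys.argv[1:])
    check_credentials(pairs)
    for key, value in lookup_manager(pairs).items():
        print(f"{key}={value}")
```

The parser is deliberately strict: a single-line file such as `username=msantos password=esperanza9` would parse as one key with a value containing a space and an embedded `=`, and `check_credentials` would then fail on the missing password, which surfaces the Step 1 formatting mistake before the script ever contacts the external system.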
