Message Image

Skip main navigation (Press Enter).

Data Loss Prevention

View Only

Back to discussions

Expand all | Collapse all

Lookup to get user information for HTTP incidents

Jump to Best Answer

Migration UserDec 12, 2013 07:19 PM

Has anyone written a script that can lookup the user of a machine for HTTP incidents? I want to be ...

DLP SolutionsDec 12, 2013 07:32 PMBest Answer

I have written a few different scripts on this.. That does an nslookup of the IP address and returns ...

1. Lookup to get user information for HTTP incidents

1 Recommend
Migration User
Posted Dec 12, 2013 07:19 PM

Reply Reply Privately
Has anyone written a script that can lookup the user of a machine for HTTP incidents?

I want to be able to see who was on the machine when the incident was created.. and do an AD lookup.

Thanks
2. RE: Lookup to get user information for HTTP incidents

Best Answer

0 Recommend
Trusted Advisor

DLP Solutions
Posted Dec 12, 2013 07:32 PM
| view attached (2)

Reply Reply Privately
I have written a few different scripts on this..

That does an nslookup of the IP address and returns the laptop name. The laptop name has the users name in it. So I strip it out and do an LDAP lookup with it.

That runs a powershell command of logged on user and I strip out the domain name out and do an LDAP lookup with it. (this only works on PC's and as long as there is ONLY 1 logged in user. You need to download the psloggedon.exe from Microsoft and put in the right directory.

They are both VBS scripts that are called to the UI.

Here are the script settings:

stdin=true
stdout=true

script.1.command=c:/windows/system32/cscript.exe
script.1.custom.args=/nologo,D:/Vontu/protect/plugins/scripts/Hostlookup.vbs

Attachment(s)

hostlookup.vbs_.txt 2 KB 1 version

powershell lookup.txt 2 KB 1 version

Copyright 2019. All rights reserved.

Powered by Higher Logic