You define custom attributes for custom incident data. The system generates incident attributes when a policy rule is violated. Lookup plugins use incident attributes and custom attributes in coordination with each other. A lookup plugin can be used to retrieve and display the name and the email address of the sender's manager from a directory server based on the email sender's address. For example, consider an email message that triggers an incident. Lookup plugins let you add additional context to incidents to facilitate remediation workflow. Procedure Step 9 : Reload the lookup plugin.Ī lookup plugin lets you connect the Enforce Server to an external system to retrieve supplemental data related to an incident. If you do not want to save the file, delete it now. It can be useful to save the file if you plan to update and re-encrypt it later. If you want to save the clear-text credentials file, move it to a secure location. Procedure Step 8 : Secure the clear-text credentials file. You can now use the encrypted credentials to authenticate to an external system. Procedure Step 6 : Enter the Credentials File Path.Įnter the fully qualified path to the encrypted credentials file. Procedure Step 5 : Select Enable Credentials.Īt the System > Lookup Plugins > Edit Script Lookup Plugin page, select (check) the Enable Credentials option. In-cleartext-filepath out-encrypted-filepathFor example on Windows you would issue the following:ĬredentialGenerator.bat C:\temp\M圜redentials.txtĬ:\temp\M圜redentialsEncrypted.txtYou can open this file in a text editor to verify that it is encrypted. Procedure Step 4 : Issue a command to generate an encrypted credential file. This directory on the Enforce Server contains the Credential Generator Utility. Procedure Step 3 : On the Enforce Server, open a shell or command prompt and change directories to \Protect\bin. The file needs to be saved to the Enforce Server temporarily. Procedure Step 2 : Save this credential file to the file system local to the Enforce Server. The format of this file is key=value, where key is the name of the credential. Procedure Step 1 : Create a text file that contains the credentials that are needed by the script to access the appropriate external systems. Request you to please follow the below procedure step by step for enabling and encrypting the credentials. These values are passed in the following format: key=value. In this case, the Enforce Server passes the values you exported to the clear-text credential file. If you choose to use credentials in clear text, you must hard code them into your script. The Credential Utility uses the same platform encryption keys that are used to protect user accounts and incident information within the Symantec Data Loss Prevention system. The credentials are then available for use within the script. When the Enforce Server invokes the Script Lookup Plugin, the plugin decrypts any credentials at runtime and passes them to the script as attributes. Symantec Data Loss Prevention provides the Credential Utility, which lets you encrypt credentials and use them to authenticate to an external data source. If you enable credentials through the user interface option, you must encrypt them. If your script is connecting to an external system that requires credentials, you can enable credentials for your script. This will simplify the deployment process. The client will enroll with the server:īy using AD enrollment, we can skill the Email configuration on the Symantec Encryption Server. ![]() Fill in the credentials of the AD user:ġ2. ![]() After the installation of the client on the desktop and the reboot, select 'Always Allow for This Site' on the Symantec Alert:ġ1. During the download of the Symantec Encryption Desktop Client, select the 'Preset Policy Group' as the group that created on step8:ġ0. Create a new group, and select to use the policy that created on step7:ĩ. On the 'General' tab, select to enable the option 'Enable Silent Enrollment':Ĩ. Open to edit the policy, then click 'Edit' button of the 'General' section:ħ. Click the 'Settings' button of the Directory Synchronization, select to enable the option 'Enroll clients using directory authentication':Ħ. Click 'Test Connection' button to ensure the connection to the directory:ĥ. Fill in the necessary information to connect to the directory:Ĥ. After enable the Directory Synchronization, click 'Add LDAP Directory' button:ģ. We need to enable Directory Synchronization firstly.įrom 'Consumers' tab, select 'Directory Synchronization', then click 'Enable' button:Ģ. In this article, we will provide the graphic step-by-step guide for AD enrollment.ġ. ![]() There are two method to enroll the Symantec Encryption Desktop: by Email, or by AD.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |