In an incident User name or Sender 'NA' is captured in Web Prevent incident instead of correct user name on DLP cloud service for Web.
search cancel

In an incident User name or Sender 'NA' is captured in Web Prevent incident instead of correct user name on DLP cloud service for Web.

book

Article ID: 225296

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Cloud Detection Service

Issue/Introduction

In a DLP Cloud service environment WSS + DLP, incidents snapshot shows user name / sender as 'NA'.

Due to which lookup plugin pulls incorrect attributes from AD.

Environment

NA

Cause

WSS fetch user information from Active Directory, which is transferred to DLP as ICAP header, DLP process headers in below order.

"X-SYMC-User-Email-Address"
"X-SYMC-Authenticated-User"
"X-Authenticated-User"

DLP checks first for email address in header sent by proxy, if email address is blank DLP skips email and look for info in 'X-SYMC-Authenticated-User' or 'X-Authenticated-User'.

Email address for the effected user in AD was mentioned as 'NA' due to this DLP incident captured 'NA' as this was not a blank value.

Resolution

Make sure correct email address is added on AD in 'email' field as highlighted below, for all the users.

Powered by Wolken Software