User Information functionality and related error messages
Last Modified: 2023-04-13 19:05:41 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
User Information functionality and related error messages
Technical Articles ID:
KB93818
Last Modified: 2023-04-13 19:05:41 Etc/GMT Environment
Data Loss Prevention (DLP) Endpoint 11.x DLP Monitor 11.x DLP Prevent 11.x For DLP Endpoint supported environment, see KB68147 - Supported platforms for Data Loss Prevention Endpoint For DLP Prevent and Monitor supported environment, see KB87112 - Supported platforms for Data Loss Prevention Prevent and Monitor Summary
This article describes how you can edit and import a .csv file to User Information in DLP Operations. For basic information about the User Information tab, see the DLP Product Guide.
Problem
When a modified .csv file is imported to User Information, you encounter the following errors, which state that information is missing on several lines: FQDN is missing on line “x” or FQDN is invalid value on line “x” User Name is missing on line “x” User Logon Name (domain\username) is invalid value on line “x” Cause
The stated information is either missing, or not formatted correctly. When editing an exported User Information .csv file, three columns must be populated and correctly formatted: header_primary_user_ID_mandatory, header_FQDN and header_username. The header_username_NTLM is not needed, but if populated must be formatted properly.
Solution 1Or
These errors indicate that the User Principal Name information (header_primary_user_ID_mandatory) is missing or not formatted properly on the line mentioned. The User Principal Name information for the user must be populated in proper UPN formatting (that is, username@domain.com) before trying to import the User Information .csv file. NOTE: In rare cases, the User Principal Information field could be blank due to a DLP incident generated under a non-domain account. Solution 2This error indicates that the user’s FQDN information (header_FQDN) is either missing or not properly formatted on the line mentioned. The user’s FQDN details must be provided in proper FQDN formatting (that is, username@domain.com) before you import the User Information .csv file. Solution 3This error indicates that the User Name details (header_username) are missing on the line specified. Before you import the User Information .csv file, you must populate the User Name details. Examples of acceptable user name formats are below: domain\username username Solution 4
Related Information
Additional information about DLP User Information: For DLP Endpoint for Windows, the DLP Agent collects user information that is stored locally on the Windows system. It does not gather user information by connecting to an LDAP server. The DLP Agent must automatically collect the UPN, FQDN, and User name details needed and provide to ePO. Sometimes, these details might not be available on the endpoint, which results in an inability for the DLP Agent to provide such information. The WHOAMI command with the following switches can be run on the endpoint to verify if Windows has the user information stored locally. Columns that contain an “optional” header in the User Information .csv file are values that are NOT automatically collected by the DLP Agent. If you require data in these fields, they must be manually edited. Before importing the User Information .csv, all fields in the file must be comma delimited and the file must be saved in the CSV (comma delimited) format. The file import with either fail or not update User Information properly if formatted otherwise. When you update the User Information, the user information in all pre-existing DLP incidents associated with the updated users, is also updated. User Information can be updated using the REST API. For details, see KB87855 - REST API for Data Loss Prevention Endpoint definitions sample. For User Information that Logon Collector can gather, see the “Integration with Data Loss Prevention” section in the Logon Collector Product Guide. DLP Prevent and Monitor appliances can communicate with LDAP servers to obtain Active Directory User Information. An LDAP server must be registered with ePO and configured in the Users and Groups policy, as described in the DLP Product Guide. If you suspect that your appliance is not properly gathering the User Information details, contact Technical Support for assistance. Affected ProductsLanguages:This article is available in the following languages: |
|