user/guid mapping in RSA Web Threat Detection
2 years ago
Originally Published: 2015-08-25
Article Number
000049040
Applies To
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Forencics
RSA Version/Condition: All
 
Resolution
Overview of the elements of user/guid mapping in WTD

A guid must be present in the web session traffic. The guid must be unique and present throughout the session, it can change within the session and such changes can be followed by a guidFollower (see below)
 
guid is defined as an attribute containing the GUID which will be read from the txn.

next-guid is an attribute to hold the next GUID when it changes during a session, read from the txn

guidOut is an attribute to hold the GUID which will be written into the txn.
 
prevGuidOut is an attribute to hold the previous GUID (in a GUID following sense) which will be written into the txn.
 
userOut is an attribute to hold the user which will be written into the txn. 

user-from-login is an attribute which (in this example) hold the user id read from the transaction.

Silver Surfer is responsible for the user mapping and must be configured with the above attributes in it mapping section where it needs the relation of the above attributes to be defined along with the guidFollower
The login section defines where and when to find the user id in the session, this is usually only found at login for example.
 
guidFollower Defines a relationship between two attributes containing GUID values, in which one represents the current value and the other represents the next value.  Uses guid and next-guid (above)

 
 
 
Don't see what you're looking for?