Remediation scripts
Creating Remediation Scripts | Data Protection | Version 8.3.x
What are remediation scripts?
Remediation scripts, in the context of discovery or DLP incidents, let you extend the functionality of discovery or DLP.
A remediation script is an executable that is run by a Policy Engine or an Endpoint Agent whenever an incident is triggered. Whenever an incident is generated, the system creates an XML file that contains details of the incident. The absolute path to that file is provided as the first command line argument.
 
How do I configure remediation scripts?
You can configure remediation scripts via the Data Security module of the TRITON Manager. A remediation script is considered a Resource, and is configured under the Resources sections.
For information on how to configure the remediation scripts, refer to the Data Security manager Help section Remediation scripts.
What is the operating system context of a remediation script?
Remediation scripts can be supplied with optional credentials. The table below describes the credentials available to the remediation scripts on multiple platforms:
 
Please note that DLP remediation scripts do not have access to forensic information (the data that caused the incident).
How are discovery remediation scripts written?
A remediation script can be an executable, or it can be a script written in an interpreted language. Listed below are scripts and language interpreters you can use to write remediation scripts without installing additional software.
*
*
*
*
*
*
You can also use other interpreted languages; however, you will need to install additional software. Ensure the language interpreter is correctly installed on the server. In Network discovery, the language interpreter must be installed on all Crawler machines. In Endpoint discovery, the language interpreter must be installed on the entire endpoint population.
Please note that because DLP and discovery incidents can occur on both Windows and Linux machines, it is highly desirable to write these scripts in Python, since Python is available on both Windows and Linux servers and also on all endpoints. In most cases you can use the exact same script on both operating systems without amending it to account for platform differences.
Due to the writer's preference, the samples provided in this document are written in Python.
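As an added illustration (not one of Forcepoint's own samples), the following Python script shows the calling convention described above: it takes the absolute path of the incident XML file from the first command-line argument, parses it defensively, and lists every leaf element. The incident schema is not shown on this page, so the script assumes none; the element names in SAMPLE_INCIDENT and the script name remediate.py are constructed for illustration.

```python
import os
import sys
import xml.etree.ElementTree as ET

# Constructed sample for local testing; element names are hypothetical.
SAMPLE_INCIDENT = b"<incident><id>42</id><policy><name>PCI</name></policy></incident>"


def load_incident(path):
    """Parse the incident XML whose absolute path arrives as argv[1]."""
    if not os.path.isabs(path):
        raise ValueError("expected an absolute path, got %r" % path)
    with open(path, "rb") as fh:
        raw = fh.read()
    # Treat the file as untrusted: refuse DTDs so entity expansion never reaches
    # the parser. NUL bytes catch UTF-16/32 input that would hide the marker.
    if b"\x00" in raw or b"<!DOCTYPE" in raw:
        raise ValueError("DTDs and UTF-16/32 input are not accepted")
    return ET.fromstring(raw)


def flatten(root):
    """Return (path, text) for every leaf element, in document order."""
    out, stack = [], [("", root)]
    while stack:
        prefix, elem = stack.pop()
        here = prefix + "/" + elem.tag
        children = list(elem)
        if not children:
            out.append((here, (elem.text or "").strip()))
        stack.extend((here, child) for child in reversed(children))
    return out


def main(argv):
    if len(argv) < 2:
        sys.stderr.write("usage: remediate.py <absolute path to incident XML>\n")
        return 2
    try:
        fields = flatten(load_incident(argv[1]))
    except (OSError, ValueError, ET.ParseError) as exc:
        sys.stderr.write("cannot read incident file: %s\n" % exc)
        return 1
    for name, value in fields:
        print("%s = %s" % (name, value))  # placeholder for the real action
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

To try it outside the product, write SAMPLE_INCIDENT to a file and pass that file's absolute path as the only argument.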

Copyright 2016 Forcepoint LLC. All rights reserved.