When using IDM (Enhanced) fingerprints in policies synchronized from Trellix ePO On-Prem to Skyhigh, there are some additional steps to follow.
- Define a matching IDM (Enhanced) fingerprint in Skyhigh CASB, following the instructions in Create an Indexed Data Match (IDM) Fingerprint.
IMPORTANT: The fingerprint name must be EXACTLY the same as that used when creating the ePO On-Prem fingerprint. Capitalization, punctuation, and spaces must all be identical.
- The data structure (column names, column orders, and headings) should also be the same.
- You can also write a script for the training, as described in Automate Updating an IDM Fingerprint using a Script.
- Or see Trellix documentation at Options to generate the fingerprint file using the IDMTrain tool.
The commands for each will look similar to the following:
C:\Program Files\shnDlpIntegrator\idm-tool\idmtrain.exe" -h -d U+0009 -i C:\IDMTrain\mydata.tsv -o C:\IDMTrain\output\my_fingerprint_name
C:\Program Files\shnDlpIntegrator\idm-tool\idmtrain.exe" -h -d U+0009 -i C:\IDMTrain\mydata.tsv -o C:\IDMTrain\output.salt\my_fingerprint_name -f C:\IDMTrain\salt.txt
Note that the output directory is different, but the fingerprint name is the same in both cases. Also, the Skyhigh CASB version also requires the salt file path.
- Upload the fingerprint database using the
- Once the fingerprint is saved and the database is uploaded, push the policy from Trellix ePO On-Prem.
Important: Pushing the policy from Trellix ePO On-Prem will fail if the fingerprint name does not match EXACTLY for Trellix ePO On-Prem fingerprint training and Skyhigh CASB fingerprint training.
- Go back to the fingerprint to the edit screen. If the Trellix ePO policy matches the Skyhigh CASB fingerprint, then the on-prem classifications will be listed in the Additional Info box on the right.