Automate Updating an EDM Fingerprint using a Script

Once you have created an EDM (Enhanced) fingerprint and generated an index, you can automate updating an EDM fingerprint by writing a script using utilities built into the DLP Integrator. These tools (edmtrain) are located in the subdirectory "tools" of the directory where you installed the DLP Integrator.

For example, \C:Program Files\shnDlpIntegrator\tools\ or /opt/shnDlpIntegrator/tools/.

To create a script to automate EDM (Enhanced) fingerprint updates:

1. In Skyhigh CASB go to Policy > DLP Policies > Fingerprints. 
2. Find the EDM (Enhanced) fingerprint you'd like to automate and under Actions, click Show Command Line. 
   
3. Create a file containing the salt used to protect your database: 

echo "8d8dbed7-f2a6-480f-bac9-5e590e3e4691" > salt.txt

4. Run the EDMTrain tool to hash your CSV file:

edmtrain -o "/home/cpadala" -i "/home/cpadala/combinationfile.csv" -f salt.txt

5. If you have a script my_db_export, you can also read the TSV file from a pipe to avoid writing the data to disk​:

my_db_export | edmtrain -o "/home/cpadala" -i - -f salt.txt

6. Use the following command to upload the newly created fingerprint database:

edmupload /home/cpadala/foo.props 6103

7. After the upload completes, delete the original CSV file, and the .props and .dis files generated by the EDMTrain tool.

If the index upload fails, for DLP Integrator 6.2.1 and later, you can use edmupload with the additional command line option:

edmUpload <Path to *.props file> <definition Id> --resume

For details on the edmtrain command line options, see Prepare the EDM (Enhanced) Fingerprint File.