Skip to main content
Skyhigh Security

Automate Updating an EDM Fingerprint using a Script

Once you have created an EDM (Enhanced) fingerprint and generated an index, you can automate updating an EDM fingerprint by writing a script using utilities built into the DLP Integrator. These tools are located in the subdirectory "edm-tool" of the directory where you installed the DLP Integrator.

For example, \C:Program Files\shnDlpIntegrator\edm-tool\ or /opt/shnDlpIntegrator/edm-tool/.

 

To create a script to automate EDM (Enhanced) fingerprint updates:

  1. In Skyhigh CASB go to Policy > DLP Policies > Fingerprints
  2. Find the EDM (Enhanced) fingerprint you'd like to automate and under Actions, click Show Command Line
    edm_command_line.png
  3. Create a file containing the salt used to protect your database: 
echo "8d8dbed7-f2a6-480f-bac9-5e590e3e4691" > salt.txt
  1. Run the EDMTrain tool to hash your CSV file:
edmtrain -o "/home/cpadala" -i "/home/cpadala/combinationfile.csv" -f salt.txt
  1. If you have a script my_db_export, you can also read the TSV file from a pipe to avoid writing the data to disk​:
my_db_export | edmtrain -o "/home/cpadala" -i - -f salt.txt
  1. Use the following command to upload the newly created fingerprint database:
edmupload /home/cpadala/foo.props 6103
  1. After the upload completes, delete the original CSV file, and the .props and .dis files generated by the EDMTrain tool.

For details on the edmtrain command line options, see Prepare the EDM (Enhanced) Fingerprint File

 

  • Was this article helpful?