000031044 - user/guid mapping in RSA Web Threat Detection

Document created by RSA Customer Support Employee on Jan 31, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031044
Applies ToRSA Product Set: Web Threat Detection
RSA Product/Service Type: Forencics
RSA Version/Condition: All
ResolutionOverview of the elements of user/guid mapping in WTD
A guid must be present in the web session traffic. The guid must be unique and present throughout the session, it can change within the session and such changes can be followed by a guidFollower (see below)

guid is defined as an attribute containing the GUID which will be read from the txn.
next-guid is an attribute to hold the next GUID when it changes during a session, read from the txn
guidOut is an attribute to hold the GUID which will be written into the txn.


prevGuidOut is an attribute to hold the previous GUID (in a GUID following sense) which will be written into the txn.


userOut is an attribute to hold the user which will be written into the txn. 
user-from-login is an attribute which (in this example) hold the user id read from the transaction.
Silver Surfer is responsible for the user mapping and must be configured with the above attributes in it mapping section where it needs the relation of the above attributes to be defined along with the guidFollower
The login section defines where and when to find the user id in the session, this is usually only found at login for example.
guidFollower Defines a relationship between two attributes containing GUID values, in which one represents the current value and the other represents the next value.  Uses guid and next-guid (above)