Use EDM (Enhanced) Fingerprints in Policies Synchronized from Trellix ePO to Skyhigh
When using EDM (Enhanced) fingerprints in policies synchronized from Trellix ePO On-Prem to Skyhigh, there are some additional steps to follow.
- Define a matching EDM (Enhanced) fingerprint in Skyhigh CASB, following the instructions in Create an Exact Data Match (EDM) Fingerprint.
IMPORTANT: The fingerprint name must be EXACTLY the same as that used when creating the ePO On-Prem fingerprint. Capitalization, punctuation, and spaces must all be identical.
- The data structure (column names, column orders, and headings) should also be the same.
- You can also write a script for the training, as described in Automate Updating an EDM Fingerprint using a Script.
- Or see Trellix documentation at Options to generate the fingerprint file using the EDMTrain tool.
The commands for each will look similar to the following:
Trellix ePO
C:\Program Files\shnDlpIntegrator\edm-tool\edmtrain.exe" -h -d U+0009 -i C:\EDMTrain\mydata.tsv -o C:\EDMTrain\output\my_fingerprint_name
Skyhigh CASB
C:\Program Files\shnDlpIntegrator\edm-tool\edmtrain.exe" -h -d U+0009 -i C:\EDMTrain\mydata.tsv -o C:\EDMTrain\output.salt\my_fingerprint_name -f C:\EDMTrain\salt.txt
Note that the output directory is different, but the fingerprint name is the same in both cases. Also, the Skyhigh CASB version also requires the salt file path.
- Upload the fingerprint database using the
edmupload
program. - Once the fingerprint is saved and the database is uploaded, push the policy from Trellix ePO On-Prem.
Important: Pushing the policy from Trellix ePO On-Prem will fail if the fingerprint name does not match EXACTLY for Trellix ePO On-Prem fingerprint training and Skyhigh CASB fingerprint training.
- Go back to the fingerprint to the edit screen. If the Trellix ePO policy matches the Skyhigh CASB fingerprint, then the on-prem classifications will be listed in the Additional Info box on the right.