The Script Lookup, its setup, usage and testing, is outlined in the Lookup Plugin Guide.
Here is an example of how a script deployment could be set up.
This script is provided for educational purposes only and not supported by Symantec Support Services. We do not guarantee that it will work for you. For deployment in production you would have to create, test and deploy your own custom script. Due to the differences in the way text editors, e-mail packages and operating systems handle text formatting (spaces, tabs and carriage returns), this script may not be in an executable state when you first receive it. Check over the script to ensure that errors of this type are corrected
The following setup assumes that you have a python script named ip-lookup.py that we will use as a sample for demonstration purposes. Bear in mind you will need to apply this to the specific scripting environment of choice. To enable the script-lookup plug-in for the first time with minimum features and dependencies, follow these steps.
Configure Plugins.properties in /Vontu/Protect/config as follows:
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Script Lookup
com.vontu.lookup.script.ScriptLookup.properties = ScriptLookup.properties
Create a scripts folder in /Vontu/Protect/plugins/
Copy the ip-lookup.py script file to /Vontu/Protect/plugins/scripts
If this is a windows system, download and install Python 2.5.1 Windows Installer from http://www.python.org/download/ in c:/python25
In the example the script has the referenced username hard-coded for testing purposes.
Configure /Vontu/Protect/config/ScriptLookup.properties as follows:
Script Sanity Testing
The script should be tested for basic sanity before running it on Enforce.
Any attributes that would be passed by enforce can be stubbed out and passed via the command line
<script command> <stubbed out attributes>
c:\python25\python.exe -u c:\Vontu\Protect\plugins\scripts\ip-lookup.py sender-ip=22.214.171.124
Create a new Attribute Group: User Identity Resolution
Create the following custom attributes.
Recycle the Manager Service
Generate some incidents and verify that incidents contain the populated custom attributes.
This should be a good starting point. As you can see you can essentially write a program with any programming language as long as the configuration file is properly reflecting the calling convention of your program.