How to combine CSV Lookup and LDAP lookup

Article ID: 160507

Products

Data Loss Prevention Enforce

Issue/Introduction

You need to enable both CSV Lookup and LiveLDAP Lookup.

Resolution

To enable LDAP Lookup only, refer to TECH221114 

To enable CSV Lookup only, refer to TECH221248 

To enable both, update Plugins.properties as shown in the example below, paying attention to the highlighted portions:

---------------------------------------------------------------------------------------------------------------------------

# Inductor plug-ins.
# A comma-separated list of accepted inductor plug-ins specified in Specification-Title attribute
# of plug-in JAR manifest. JAR manifest should also specify Protect-Minimum-Version such as 4.0.0.0.
com.vontu.messaging.induction.Inductor.plugins=Vontu CopyRule Inductor,Vontu FileScan Inductor,Vontu ICAP Inductor,Vontu Inline SMTP Inductor,Vontu PacketCapture Inductor,Vontu Discover Inductor,Vontu Aggregator Inductor,Vontu Lotus Notes Crawler,Vontu Classification Inductor,NCSO.jar,Notes.jar

# AttributeLookup plug-ins.
# A comma-separated list of attribute lookup plug-ins and JARs they depend on
# specified as Specification-Title attribute of plug-in JAR manifest or JAR file name.
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Csv Lookup,Vontu Directory Classes,Vontu Live LDAP Lookup

# Plugin Execution Chain.
# A comma-separated list of attribute lookup plug-ins to be executed in sequence.
# Example: com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.xls.ExcelLookup, com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.datainsight.DataInsightLookup
# This example will execute Script Lookup #1 -> ExcelLookup -> Script Lookup #2 -> Data Insight Lookup
# Even if there is only one plugin in the chain, it must be listed here.
com.vontu.plugins.execution.chain=com.vontu.lookup.csv.CsvLookup,com.vontu.lookup.liveldap.LiveLdapLookup


# Plugin JAR manifests to enable Live LDAP lookups.
# If com.vontu.api.incident.attributes.AttributeLookup.plugins is already set above, the following one should be commented out.
#com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup

# Plugin JAR manifests to enable Data Insight lookups.
# If com.vontu.api.incident.attributes.AttributeLookup.plugins is already set above, the following one should be commented out.
#com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Data Insight Lookup

# Attribute Lookup parameters.
# A comma-separated list of parameter groups that specifies what parameters are sent to lookup plug-ins.
# Acceptable value is any combination of the following literals:
# attachment, incident, message, policy, recipient, sender, server, status.
# Each of them specifies a group of one or more attributes:
# attachment
#   attachment-nameX
#   attachment-sizeX
#     , where X is the unique index to distinguish between multiple attachments,
#     for example, attachment-name1, attachment-size1, attachment-name2, attachment-size2 and so on.
# incident
#   date-detected
#   incident-id
#   protocol
#   data-owner-name
#   data-owner-email
# message
#   date-sent
#   subject
#   file-create-date
#   file-access-date
#   file-created-by
#   file-modified-by
#   file-owner
#   discover-content-root-path
#   discover-location
#   discover-name
#   discover-extraction-date
#   discover-server
#   discover-notes-database
#   discover-notes-url
#   endpoint-volume-name
#   endpoint-dos-volume-name
#   endpoint-application-name
#   endpoint-application-path
#   endpoint-file-name
#   endpoint-file-path
# policy
#   policy-name
# recipient
#   recipient-emailX
#   recipient-ipX
#   recipient-urlX
#     , where X is the unique index to distinguish between multiple recipients,
#     for example, recipient-email1, recipient-ip1, recipient-url1, recipient-email2, recipient-ip2, recipient-url2 and so on.
# sender
#   sender-email
#   sender-ip
#   sender-port
#   endpoint-user-name
#   endpoint-machine-name
# server
#   server-name
# monitor
#   monitor-name
#   monitor-host
#   monitor-id
# status
#   incident-status
# acl
#   acl-principalX  (String representing the user or group to whom the acl applies)
#   acl-typeX  (String representing whether the acl applies to the FILE or to the SHARE)
#   acl-grant-or-denyX (String representing whether the acl will GRANT or DENY the permission)
#   acl-permissionX  (String representing whether the acl denotes READ or WRITE access)
#
#     X is the unique index to distinguish between multiple acl entries,
#     for example, acl-principal1, acl-type1, acl-grant-or-deny1, acl-permission1
# If none of the above is specified only custom attributes are included into the parameter list.
com.vontu.api.incident.attributes.AttributeLookup.parameters=sender,message


# Attribute Lookup output parameters
# A comma-separated list that specifies which parameters can be modified by lookup plug-ins.  These parameters
# can be specified in lookup plug-in configurations and scripts using the same syntax as custom attributes.
#
# Acceptable value is any combination of the following literals:
#  data-owner-name
# data-owner-email
#
com.vontu.api.incident.attributes.AttributeLookup.output.parameters=data-owner-name, data-owner-email


# Lookup timeout in milliseconds.
com.vontu.api.incident.attributes.AttributeLookup.timeout=60000


# Automatic lookup.
# Specifies whether the lookup should be triggered automatically when a new incident is detected.
com.vontu.api.incident.attributes.AttributeLookup.auto=true

# Automatic plugin reload.
# Specifies whether the plugins should be automatically reloaded every morning at 3:00.
com.vontu.api.incident.attributes.AttributeLookup.reload=false

# Lookup thread count.
# Specifies maximum number of threads for lookup.
# This setting should be greater than the thread-count of new-incident-commands configuration.
# See com.vontu.manager.command.newincident.new-incident-command.xml in manager.jar
com.vontu.api.incident.attributes.AttributeLookup.thread_count=5


# Live LDAP lookup configuration file
com.vontu.lookup.liveldap.LiveLdapLookup.properties = LiveLdapLookup.properties

# Csv Document Lookup configuration file
com.vontu.lookup.csv.CsvLookup.properties = CsvLookup.properties

# Script Lookup configuration file
#com.vontu.lookup.script.ScriptLookup.properties = ScriptLookup.properties

# Data Insight Lookup configuration file
#com.vontu.lookup.datainsight.DataInsightLookup.properties = DataInsightLookup.properties

# Incident Response Action configuration parameters.
#com.symantec.dlpx.flexresponse.Plugin.plugins = plugin1.jar, plugin2.jar, etc...
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.maximum-incident-batch-size = 100
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.keep-alive-time = 60000
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.serial-timeout = 60000

-----------------------------------------------------------------------------------------------------------------------
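
A consistency check for the file above, as an added example that is not part of the original article or the product: it verifies that every lookup class in the execution chain has its manifest titles in AttributeLookup.plugins and an active `<class>.properties` entry, and that the plugins key is active only once. The function names and sample text are constructed for illustration, and the check assumes a later duplicate key overrides an earlier one, as java.util.Properties does.

```python
# Manifest titles each lookup class needs in AttributeLookup.plugins (values taken from the file above).
REQUIRED_TITLES = {
    "com.vontu.lookup.csv.CsvLookup": ["Vontu Csv Lookup"],
    "com.vontu.lookup.liveldap.LiveLdapLookup": ["Vontu Directory Classes", "Vontu Live LDAP Lookup"],
}
PLUGINS = "com.vontu.api.incident.attributes.AttributeLookup.plugins"
CHAIN = "com.vontu.plugins.execution.chain"

def parse_properties(text):
    """Return {key: [values]} for active lines; simplified ('=' separators only, no continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props.setdefault(key.strip(), []).append(value.strip())
    return props

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def check_lookup_config(text):
    """Return a list of problems; an empty list means every check passed."""
    props, problems = parse_properties(text), []
    for key in (PLUGINS, CHAIN):
        if len(props.get(key, [])) != 1:
            problems.append(f"{key} must be active exactly once")
    # Assumption: the last duplicate wins, so evaluate the last value seen.
    titles = split_list(props.get(PLUGINS, [""])[-1])
    chain = split_list(props.get(CHAIN, [""])[-1])
    for cls in chain:
        for title in REQUIRED_TITLES.get(cls, []):
            if title not in titles:
                problems.append(f"{cls} is chained but '{title}' is not in {PLUGINS}")
        if f"{cls}.properties" not in props:
            problems.append(f"{cls} is chained but {cls}.properties is not set")
    problems += [f"{cls} is missing from {CHAIN}" for cls in REQUIRED_TITLES if cls not in chain]
    return problems

# Constructed sample: the later plugins line was left active and the CSV config key is commented out.
SAMPLE_BAD = """\
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Csv Lookup,Vontu Directory Classes,Vontu Live LDAP Lookup
com.vontu.plugins.execution.chain=com.vontu.lookup.csv.CsvLookup,com.vontu.lookup.liveldap.LiveLdapLookup
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup
com.vontu.lookup.liveldap.LiveLdapLookup.properties = LiveLdapLookup.properties
#com.vontu.lookup.csv.CsvLookup.properties = CsvLookup.properties
"""

if __name__ == "__main__":
    print("\n".join(check_lookup_config(SAMPLE_BAD)))
```

Run it against a copy of Plugins.properties before restarting the Enforce services; the constructed sample reports three problems, all caused by lines the article says to comment or uncomment.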


Applies To

The details in this technote apply to DLP versions earlier than 11.6.

In DLP 11.6, configuration of Lookup Plugins was moved to the UI.