There are 3 ways to use custom attributes as variables in an email response rule.

Using the custom variable name directly.

The custom incident attributes can be used as variables in the notification. However those are hidden and cannot be picked by clicking on the list of available variables. To use those variables it is necessary to type them by hand enclosed with dollar signs $ on both sides. Please note that the variable name is case sensitive.

For example to use the First Name custom attribute, which should be populated by the LDAP plugin beforehand to use in the notification, the variable would need to be:

$First Name$

which would match the custom attribute First Name visible on the below screenshot:

Alternatively, if you did not change or add Custom Attribute Groups (e.g. Default is the only one), follow the instructions below:

1. Log on to Symantec Data Loss Prevention as an Administrator.

2. Under System navigate to Incident Data, then to the Attribute page. Lastly, click on the "Custom Attributes" tab.

3. For each custom attribute that you would like to add to the notification email, mouse over it or left click on it to reveal its properties. The properties may show up in a bar at the bottom of the screen or in a pop-up box. You are looking for the number of the custom attribute. The attribute numbers may appear in parentheses. For example, FirstName may reveal ("24") and LastName may reveal ("25"). Copy each attribute name and corresponding number for all the custom attributes that will be added to the notification email.

4. Under Policy, navigate to Response Rules, add an email notification response rule, and set up the email response. Wherever the custom attribute should appear, enter $ATTRIBUTE_<attribute number>$. For example, using the custom attributes FirstName and LastName, the email salutation in the rule email would appear as follows:  

Dear $ATTRIBUTE_24$ $ATTRIBUTE_25$,  

 which would yield Dear Joe Smith in the email notification to Joe Smith, if Joe Smith was the policy violator.

5. Please note that deletion of any of the custom attributes used in the email notifications, or problems with the initial attribute lookup, will prevent email notifications from working properly.

If you did change or add Custom Attribute Groups to help you better manage your custom attributes, follow the instructions below:

1. Open a command window and start SQL*Plus.

2. Log in as the Protect user and run the following query: select * from customattributedefinition.

3. Note the COLUMNINDEX numbers for each custom attribute you want to use in the email. An example result should look similar to the below:

In this example the First Name custom attribute is associated with the number 6 in the COLUMNINDEX.

4. Return to the Symantec Data Loss Prevention user interface and, under Policy, navigate to Response Rules, add an email notification response rule, and set up the email response. Wherever the custom attribute should appear, enter $ATTRIBUTE_<columnindex number>$.

For example, using the custom attributes FirstName and LastName, the email salutation in the rule email would appear as follows:

Dear $ATTRIBUTE_6$ $ATTRIBUTE_7$,

which would yield Dear Joe Smith in the email notification to Joe Smith, if Joe Smith was the policy violator.

5. Please note that deletion of any of the custom attributes used in the email notifications, or problems with the initial attribute lookup, will prevent email notifications from working properly.

See What Variables can be used within Response Rules? for more attribute options.