Users may encounter situations in which DIM incidents from Symantec DLP are not associated to users, or to the correct user, in the ICA console.

Release : 6.5.x

Component : Symantec DLP

Users are associated to DIM incidents from Symantec DLP based on either of the following:

1. NETBIOSDomain + AccountName (a combination of two fields)
2. NETWORKSENDERIDENTIFIER (typically an e-mail address)

If no records in the ICA database table LDW_Users match either of the above values, the user is assumed to not exist and is created in the table LDW_Users. Note that the NETBIOSDomain name needs to match the Default Domain value specified in the ICA console's general settings for the first method to work.

1. Ensure users are associated with incidents in the Symantec DLP database
2. Ensure the value of the setting Default Domain matches that of the users in question:
   • Admin > Settings > General > Default Domain