Configuring Data Loss Prevention to retrieve attribute values from Data Insight
The System > Incident Data > Lookup Plugins page in the Enforce Server administration console is where you configure the Data Insight lookup plug-in. You can configure one Data Insight lookup plug-in per Enforce Server instance.

| Step | Action | Description |
|---|---|---|
| 1 | Create custom attributes. | Configure attribute status values and create custom attributes at the System > Incident Data > Attributes page. See About incident status attributes in Help. If you use only the data-owner-name attribute, you do not have to create a custom attribute. The data-owner-name attribute is generated by the system. |
| 2 | Configure a connection to Data Insight. | Set the host name, credentials, and parameters to connect to Data Insight. |
| 3 | Create a new Data Insight lookup plug-in. | From the Enforce Server administration console, navigate to the System > Incident Data > Lookup Plugins page and select New Plugin > Data Insight. |
| 4 | Enter a Start Date. | If you leave this field empty, the system sets it to the oldest possible date for history, which is 1/1/1970. |
| 5 | Select the Active User Count. | You can specify between 0 and 10 active users. The default is 1. |
| 6 | Select the Active Reader Count. | You can specify between 0 and 10 active readers. The default is 1. |
| 7 | Select the Active Writer Count. | You can specify between 0 and 10 active writers. The default is 1. |
| 8 | Configure the Attribute Mapping. | The system provides you with an attribute mapping template for all the information exposed by Data Insight. A separate entry is made for each custom attribute to be populated. You enter the custom attribute to the right of the equals sign for each entry you want to map. For example, Data_User=attr.data-owner-name, which is configured for you. |
| 9 | Enable the plug-in. | If you deploy multiple plug-ins, chain them as well. |
| 10 | Enable the lookup parameter keys. | For example, if you use the data-owner-name attribute, select the Incident key. You can select more than one key, but because each attribute group is a separate hit against the Symantec Data Loss Prevention database, select only the keys you need. |
| 11 | Test and troubleshoot the plug-in. | |