Configuring Data Loss Prevention to retrieve attribute values from Data Insight

The
System > Incident Data > Lookup Plugins
page in the Enforce Server administration console is where you configure the Data Insight lookup plug-in. You can configure one Data Insight lookup plug-in per Enforce Server instance.
Configuring the Data Insight lookup plug-in
Step
Action
Description
1
Create custom attributes.
Configure attribute status values and create custom attributes at the
System > Incident Data > Attributes
page.  See About incident status attributes in Help.
If you use only the data-owner-name attribute, you do not have to create a custom attribute. The data-owner-name attribute is generated by the system.
2
Configure a connection to Data Insight.
Set the host name, credentials, and parameters to connect to Data Insight.
3
Create a new Data Insight lookup plug-in.
From the Enforce Server administration console, navigate to the
System > Incident Data > Lookup Plugins
page and select
New Plugin > Data Insight
.
4
Enter a
Start Date
.
If you leave this field empty, the system sets this field to oldest date for history possible, which is 1/1/1970.
5
Select the
Active User Count
.
You can specify between 0 and 10 active users. The default is
1
.
6
Select the
Active Reader Count
.
You can specify between 0 and 10 active readers. The default is
1
.
7
Select the
Active Writer Count
.
You can specify between 0 and 10 active writers. The default is
1
.
8
Configure the
Attribute Mapping
.
The system provides you with an attribute mapping template for all the information exposed by Data Insight. A separate entry is made for each custom attribute to be populated. You enter the custom attribute to the right of the equals sign for each entry you want to map. For example,
Data_User=attr.data-owner-name
which is configured for you.
9
Enable the plug-in.
If you deploy multiple plug-ins, chain them as well.
10
Enable the lookup parameter keys.
For example, if you use the
data-owner-name
attribute, select the
Incident
key. You can select more than one key, but since each attribute group is a separate hit against the
Symantec Data Loss Prevention
database, you should only select those keys you need.
11
Test and troubleshoot the plug-in.