Enabling lookup plug-in parameter keys

The
System > Incident Data > Lookup Plugins > Edit Lookup Plugin Parameters
page lists the
Lookup Parameter Keys
that you select to trigger the look up of attribute values. Lookup parameter keys are organized into attribute groups. The selections made at this screen apply to all the lookup plug-ins deployed on the Enforce Server.
To perform a lookup, you must map at least one lookup parameter key to a field in your external data source. Each lookup parameter group that you enable is a separate database query for the Enforce Server to perform. All database queries are executed for each incident before lookup. To avoid the performance impact of unnecessary database queries, you should only enable attribute groups that your lookup plug-ins require.
Because the plug-in stops searching after it finds the first matching lookup parameter key-value pair, the order in which you list the
keys
in your attribute map is significant. Refer to the attribute mapping examples for the specific type of plug-in you implement for details.
Refer to Enabling lookup plug-in parameter keys in Help for details on lookup plug-in parameter keys
  1. To enable one or more lookup parameter keys
  2. Navigate to
    System > Incident Data > Lookup Plugins
    in the Enforce Server administration console.
  3. Click
    Lookup Parameters
    at the
    Lookup Plugins List Page
    .
  4. Select (check) one or more attribute groups at the
    Edit Lookup Plugin Parameters
    page.
    Click
    View Properties
    to view all of the keys for that attribute group.
  5. Save
    the configuration.
    Verify the success message indicating that all enabled plug-ins were reloaded.
Lookup parameter keys
Attribute group
Lookup parameter keys
Attachment
attachment-nameX, attachment-sizeX
Incident
date-detected, incident-id, protocol, data-owner-name, data-owner-email
Message
date-sent, subject, file-create-date, file-access-date, file-created-by, file-modified-by, file-owner, discover-content-root-path, discover-location, discover-name, discover-extraction-date, discover-server, discover-notes-database, discover-notes-url, endpoint-volume-name, endpoint-dos-volume-name, endpoint-application-name, endpoint-application-path, endpoint-file-name, endpoint-file-path
Policy
policy-name
Recipient
recipient-emailX, recipient-ipX, recipient-urlX
Sender
sender-email, sender-ip, sender-port, endpoint-user-name, endpoint-machine-name
Server
server-name
Monitor
monitor-name, monitor-host, monitor-id
Status
incident-status
ACL
acl-principalX, acl-typeX, acl-grant-or-denyX, acl-permissionX