Enabling lookup plug-in parameter keys
The
System > Incident Data > Lookup Plugins > Edit Lookup Plugin Parameters
page lists the Lookup Parameter Keys
that you select to trigger the look up of attribute values. Lookup parameter keys are organized into attribute groups. The selections made at this screen apply to all the lookup plug-ins deployed on the Enforce Server.To perform a lookup, you must map at least one lookup parameter key to a field in your external data source. Each lookup parameter group that you enable is a separate database query for the Enforce Server to perform. All database queries are executed for each incident before lookup. To avoid the performance impact of unnecessary database queries, you should only enable attribute groups that your lookup plug-ins require.
Because the plug-in stops searching after it finds the first matching lookup parameter key-value pair, the order in which you list the
keys
in your attribute map is significant. Refer to the attribute mapping examples for the specific type of plug-in you implement for details.Refer to Enabling lookup plug-in parameter keys in Help for details on lookup plug-in parameter keys
- To enable one or more lookup parameter keys
- Navigate toSystem > Incident Data > Lookup Pluginsin the Enforce Server administration console.
- ClickLookup Parametersat theLookup Plugins List Page.
- Select (check) one or more attribute groups at theEdit Lookup Plugin Parameterspage.ClickView Propertiesto view all of the keys for that attribute group.
- Savethe configuration.Verify the success message indicating that all enabled plug-ins were reloaded.
Attribute group | Lookup parameter keys |
|---|---|
Attachment | attachment-nameX, attachment-sizeX |
Incident | date-detected, incident-id, protocol, data-owner-name, data-owner-email |
Message | date-sent, subject, file-create-date, file-access-date, file-created-by, file-modified-by, file-owner, discover-content-root-path, discover-location, discover-name, discover-extraction-date, discover-server, discover-notes-database, discover-notes-url, endpoint-volume-name, endpoint-dos-volume-name, endpoint-application-name, endpoint-application-path, endpoint-file-name, endpoint-file-path |
Policy | policy-name |
Recipient | recipient-emailX, recipient-ipX, recipient-urlX |
Sender | sender-email, sender-ip, sender-port, endpoint-user-name, endpoint-machine-name |
Server | server-name |
Monitor | monitor-name, monitor-host, monitor-id |
Status | incident-status |
ACL | acl-principalX, acl-typeX, acl-grant-or-denyX, acl-permissionX |