Data Loss Prevention

 View Only

  • 1.  Chaining Lookup Plugins in DLP 12.5 LDAP and CSV

    Posted Dec 31, 2014 05:44 AM

    Morning,

    I am after a bit of advice and to know if what I would like to do is possible and the best way of doing it.

    Currently I have one lookup LDAP plugin. 

    Which extracts the name, email address and AD username (of the format AB12345) to 3 custom attributes and adds it to an incident

    The attribute mapping is below. 

    attr.Name=:(|(mail=$sender-email$)(sAMAccountName=$endpoint-user-name$)(sAMAccountName=$data-owner-name$)):cn
    attr.Employee\ Email=:(|(mail=$sender-email$)(sAMAccountName=$endpoint-user-name$)(givenName=$sender-email$)):mail
    attr.UserID=:(|(mail=$sender-email$)(givenName=$sender-email$)(sAMAccountName=$endpoint-user-name$)):sAMAccountName

    This works perfectly however I would like to add additional departmental and managerial information from a CSV source as well AFTER the LDAP/AD custom attributes are populated (particularly the UserID attribute). The CSV source has a key where the unique value per record is the AD username (AB12345) 

    So my question is: 

    Since the original dlp incident does not contain the AD username information (UserID attribute) and it is only added to the incident after the first lookup plugin is activated. Can I use this now populated UserID custom attribute to then match the AD username (UserID) from my CSV source and thereby populate the rest of the custom attributes fields ?

    Eg incident after 1st lookup plugin (LDAP source)

    Name: Joe Bloggs

    Employee Email: Joe.Bloggs@company.com

    UserID: JB12345

    Manager: <Blank>

    Department: <Blank>

    Manager Email: <Blank>

    Eg incident after 2nd lookup plugin (CSV source)

    Name: Joe Bloggs

    Employee Email: Joe.Bloggs@company.com

    UserID: JB12345

    Manager: Fred Smith

    Department: Customer Service

    Manager Email: Fred.Smith@company.com

    Thanks in advance for the help.

    Kind Regards,

    Jeremy



  • 2.  RE: Chaining Lookup Plugins in DLP 12.5 LDAP and CSV
    Best Answer

    Trusted Advisor
    Posted Dec 31, 2014 06:06 AM

    hello jeremy,

     

     yes, when you chain plugins you are able to use result of previous plugin. Just take care of chaining order for each of your plugins and be sure that your result is stored in an attribute which could be used as a key for csv plugin.

     

     regards



  • 3.  RE: Chaining Lookup Plugins in DLP 12.5 LDAP and CSV

    Posted Dec 31, 2014 06:43 AM

    Thanks for that. So to expand my question a bit. 

    If I now have 2 LDAP plugins looking up my three attributes from AD from two separate LDAP sources. ie company 1 and company 2. 

    I then have 2 CSV lookup plugins to add the additional info.

    my order of chaining would be 

    1. LDAP company 1

    2. LDAP company 2

    3. CSV company 1

    4. CSV company 2

    I assume it would not matter that if the lookup plugin 1 (LDAP company 1 ) found the user and added the initial custom attributes (the three listed in first post), then LDAP company 2 lookup plugin which shouldnt find the user (as they are company 1) doesnt do anything and it should then move on to CSV company 1 lookup plugin (which will add the rest of the attributes). Regardless of LDAP company 2 not adding or finding the user ?

    Thanks again.

    Jeremy



  • 4.  RE: Chaining Lookup Plugins in DLP 12.5 LDAP and CSV

    Trusted Advisor
    Posted Jan 06, 2015 02:05 AM

    hello jeremy,

     First let me wish you (and all members of this forum (who will read this post)) an happy new year.

     Unfortunately you can have only one CSV plugin active if you use standard DLP plugin.

    As far as i see for your case you will need to devellop a custom plugin which will do all action you expect in same script.

     Standard plugin are quite limited, and as soon as you try to do "too" complex operation, you need to do your own plugin. If you need some help for that, let me know in MP.

     Regards.