Integrating ISA Proxy with Vontu

Created: 12 Feb 2010 | 9 comments
Roju

Hi,

I have a Proxy setup where we are running MS ISA as the Proxy server. We are planning to integrate ISA with Vontu 10 (with blocking enabled). Right now the ISA Server is also running Websense (only URL Filtering). I would like to know the best way to integrate this proxy with Vontu, wherein Websense will still continue doing the URL filtering and Vontu does the rest. We are planning to put Vontu in Reflect mode.

Regards,
Roju.

Comments

Naor Penso | 13 Feb 2010

Hi Roju,

First of all, Symantec DLP (Vontu) will not do the work of the URL filter; it's not the purpose of the product. You can block certain IPs/sites, but the URL filter will have many more benefits in that area, such as site blocking by type [porn, gambling, etc.].
Secondly, integrating Symantec DLP with ISA couldn't have been more simple now with version 10. You have an add-on that you install on your ISA Server, and that's it.
Please refer to Symantec_DLP_10.0_ISA_Integration_Guide.pdf in order to read more about the integration.

Regards,
Naor Penso

For Forum threads, please click "Mark as Solution" if answered.
For all content, please give a thumbs up if you agree with or support the post.
Thanks :)

Roju | 14 Feb 2010

Hi Naor

Thanks for your reply.

Here we are not expecting the URL block in Vontu. What we are looking for is to let Websense do its job while, in parallel, Vontu blocks other non-compliant traffic. Basically, we want both to work in parallel. Is there a way that Vontu can accept the traffic analysed by Websense?

We are looking for a scenario like the one below.

When traffic reaches the ISA, URL filtering will be done by Websense and then the traffic should be fetched by Vontu for further processing.

Regards,
Roju.

Paul Berridge | 30 Jun 2010

Hi Naor

Can you direct me to the URL for this PDF? I want to configure ISA to pass user information (i.e. incident attributes) across to DLP Network (Monitor not Prevent).

I am hoping this document will explain how to do this.

Thanks
Paul Berridge

Naor Penso | 30 Jun 2010

Hi Paul

I am sorry, but I can't understand what your intentions are.
I think you are mixing 2 DLP components:
- DLP Network Monitor
- DLP Network Prevent for web

If you would like to integrate the Network Prevent for web, but still leave it in monitoring mode (Prevention off), then you can integrate the components using the PDF: Symantec_DLP_10.5_ISA_Integration_Guide
This pdf comes in the product sources in the zip file: Symantec_DLP_10.5_Docs_Win-IN
If you bought the product then you should have an ID for downloading the files (it starts with an "M", for example: M12358224)
After integrating the components, in the DLP console go to Servers->Overview and choose the Network Prevent for web. Inside choose "Configure" and the first choice you would have will be "disable prevention"

If you would like to see user information with Network Monitor, you should integrate your DLP with LDAP. It could return a lot of attributes (depending on the protocol in which the violation occurred). For that you should use the PDF: Symantec_DLP_10.5_Lookup_Plugin_Guide

Kind Regards
Naor Penso


Paul Berridge | 01 Jul 2010

DLP integrated with ISA

We have DLP integrated with LDAP and it is providing user attributes. This all works fine - for emails. However for HTTP incidents we just get IP information as the sender. I have been told that there is some configuration that we can do in the ISA proxy to pass user attributes for HTTP.

I'll have a look see if I can find the docs in our source files.

Thanks

Paul Berridge | 02 Jul 2010

I've downloaded Symantec_DLP_9.0_Docs_Win-IN.zip but it does not have the ISA Integration Guide in it. Was this not included in 9.0?

Naor Penso | 05 Jul 2010

Hi Paul,

In version 9 ISA was still unsupported.
You will need to upgrade to version 10 (at least) in order for ISA integration to be supported.

About the attributes in HTTP events: you will not be able to query the ISA or any other data store that might have IP information unless you build a custom Lookup Plugin.
Another method is that ISA would export, every X amount of time, a table with IP addresses and computer names, and you will use the CSV lookup plugin (without needing to develop your own plugin).

Kind regards,
Naor Penso


Paul Berridge | 05 Jul 2010

Thank you Naor

Thanks for your help Naor - much appreciated. Evidently we have v10.0 installed, even though our serial numbers were for 9.0. We got upgraded during the initial installation.

Is this an unusual requirement? The HTTP incidents are not very illuminating with no attributes populated as they are...

Naor Penso | 05 Jul 2010

Hi Paul,

You are partly correct. The HTTP events arriving from the Network Monitor do not contain much information about the person that is responsible for the incident.
You should remember that Symantec DLP does not have its own user store to compare with HTTP incidents,
but with a bit of hard work you can create a user store based on your Proxy and then integrate it with Symantec DLP (as said before, with the CSV lookup plugin searching the ISA's records).

Kind regards,
Naor Penso

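The periodic IP-to-user export suggested in the replies above could be built from the proxy's own logs. The following is an added example, not part of the thread and not Symantec's code; it assumes tab-delimited W3C extended format logs with `c-ip`, `cs-username`, `date` and `time` fields, and the CSV column names are hypothetical and would have to match whatever the CSV lookup plugin is configured to read.

```python
import csv
import io

# Constructed sample log (addresses and user names are made up).
SAMPLE_LOG = "\n".join([
    "#Version: 1.0",
    "#Fields: c-ip\tcs-username\tdate\ttime\tcs-uri",
    "10.0.0.21\tCORP\\alice\t2010-07-05\t09:00:12\thttp://example.com/",
    "10.0.0.22\tanonymous\t2010-07-05\t09:00:40\thttp://example.org/",
    "10.0.0.21\tCORP\\bob\t2010-07-05\t13:15:03\thttp://example.net/upload",
    "10.0.0.23\t-\t2010-07-05\t13:16:00\thttp://example.net/",
    "truncated line",
])

REQUIRED = {"c-ip", "cs-username", "date", "time"}


def latest_user_by_ip(log_text):
    """Map each client IP to (timestamp, user) of its most recent authenticated request."""
    fields, latest = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()  # column order for rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if not REQUIRED.issubset(fields) or len(parts) != len(fields):
            continue  # no usable header yet, or a malformed/truncated record
        row = dict(zip(fields, parts))
        user = row["cs-username"]
        if user.lower() in ("", "-", "anonymous"):
            continue  # unauthenticated requests cannot attribute an incident
        stamp = f"{row['date']} {row['time']}"  # ISO-style, so string order is time order
        if row["c-ip"] not in latest or stamp >= latest[row["c-ip"]][0]:
            latest[row["c-ip"]] = (stamp, user)
    return latest


def to_lookup_csv(latest):
    """Render the mapping as CSV text; header names are hypothetical placeholders."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["sender-ip", "username", "last-seen"])
    for ip in sorted(latest):
        stamp, user = latest[ip]
        writer.writerow([ip, user, stamp])
    return out.getvalue()


if __name__ == "__main__":
    print(to_lookup_csv(latest_user_by_ip(SAMPLE_LOG)))
```

The `last-seen` column is kept so an incident responder can judge how stale a mapping is: with DHCP leases or shared hosts, the most recent user on an IP is not necessarily the user at the time of the incident.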