Hi
This is working in my test environment. It uses only LDAP lookups to ActiveDirectory.
regards
Philipp
# Inductor plug-ins.
# A comma-separated list of accepted inductor plug-ins specified in Specification-Title attribute
# of plug-in JAR manifest. JAR manifest should also specify Protect-Minimum-Version such as 4.0.0.0.
com.vontu.messaging.induction.Inductor.plugins=Vontu CopyRule Inductor,Vontu FileScan Inductor,Vontu ICAP Inductor,Vontu Inline SMTP Inductor,Vontu PacketCapture Inductor,Vontu Discover Inductor,Vontu Aggregator Inductor,Vontu Lotus Notes Crawler,Vontu Classification Inductor,NCSO.jar,Notes.jar
# AttributeLookup plug-ins.
# A comma-separated list of attribute lookup plug-ins and JARs they depend on
# specified as Specification-Title attribute of plug-in JAR manifest or JAR file name.
com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup
# Plugin Execution Chain.
# A comma-separated list of attribute lookup plug-ins to be executed in sequence.
# Example: com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.xls.ExcelLookup, com.vontu.lookup.script.ScriptLookup, com.vontu.lookup.datainsight.DataInsightLookup
# This example will execute Script Lookup #1 -> ExcelLookup -> Script Lookup #2 -> Data Insight Lookup
# Even if there is only one plugin in the chain, it must be listed here.
com.vontu.plugins.execution.chain=com.vontu.lookup.liveldap.LiveLdapLookup
# Plugin JAR manifests to enable Live LDAP lookups
# com.vontu.api.incident.attributes.AttributeLookup.plugins=Vontu Directory Classes,Vontu Live LDAP Lookup
# Plugin JAR manifests to enable Data Insight lookups
#com.vontu.api.incident.attributes.AttributeLookup.plugins=Data Insight Lookup
# Attribute Lookup parameters.
# A comma-separated list of parameter groups that specifies what parameters are sent to lookup plug-ins.
# Acceptable value is any combination of the following literals:
# attachment, incident, message, policy, recipient, sender, server, status.
# Each of them specifies a group of one or more attributes:
# attachment
# attachment-nameX
# attachment-sizeX
# , where X is the unique index to distinguish between mutliple attachments,
# for example, attachment-name1, attachment-size1, attachment-name2, attachment-size2 and so on.
# incident
# date-detected
# incident-id
# protocol
# data-owner-name
# data-owner-email
# message
# date-sent
# subject
# file-create-date
# file-access-date
# file-created-by
# file-modified-by
# file-owner
# discover-content-root-path
# discover-location
# discover-name
# discover-extraction-date
# discover-server
# discover-notes-database
# discover-notes-url
# endpoint-volume-name
# endpoint-dos-volume-name
# endpoint-application-name
# endpoint-application-path
# endpoint-file-name
# endpoint-file-path
# policy
# policy-name
# recipient
# recipient-emailX
# recipient-ipX
# recipient-urlX
# , where X is the unique index to distinguish between mutliple recipients,
# for example, recipient-email1, recipient-ip1, recipient-url1, recipient-email2, recipient-ip2, recipient-url2 and so on.
# sender
# sender-email
# sender-ip
# sender-port
# endpoint-user-name
# endpoint-machine-name
# server
# server-name
# monitor
# monitor-name
# monitor-host
# monitor-id
# status
# incident-status
# acl
# acl-principalX (String representing the user or group to whom the acl applies)
# acl-typeX (String representing whether the acl applies to the FILE or to the SHARE)
# acl-grant-or-denyX (String representing whether the acl will GRANT or DENY the permission)
# acl-permissionX (String representing whether the acl denotes READ or WRITE access)
#
# X is the unique index to distinguish between mutliple acl entries,
# for example, acl-pricinpal1, acl-type1, acl-grant-or-deny1, acl-permission1
# If none of the above is specified only custom attributes are included into the parameter list.
com.vontu.api.incident.attributes.AttributeLookup.parameters=sender-email, file-owner
# Attribute Lookup output parameters
# A comma-separated list that specifies which parameters can be modified by lookup plug-ins. These parameters
# can be specified in lookup plug-in configurations and scripts using the same syntax as custom attributes.
#
# Acceptable value is any combination of the following literals:
# data-owner-name
# data-owner-email
#
com.vontu.api.incident.attributes.AttributeLookup.output.parameters=sender-email,file-owner,endpoint-user-name
# Lookup timeout in milliseconds.
com.vontu.api.incident.attributes.AttributeLookup.timeout=60000
# Automatic lookup.
# Specifies whether the lookup should be triggerred automatically when a new incident is detected.
com.vontu.api.incident.attributes.AttributeLookup.auto=true
# Automatic plugin reload.
# Specifies whether the plugins should be automaticaly reloaded every morning at 3:00.
com.vontu.api.incident.attributes.AttributeLookup.reload=false
# Lookup thread count.
# Specifies maximum number of threads for lookup.
# This setting should be greater than the thread-count of new-incident-commands configuration.
# See com.vontu.manager.command.newincident.new-incident-command.xml in manager.jar
com.vontu.api.incident.attributes.AttributeLookup.thread_count=5
# Live LDAP lookup configuration file
com.vontu.lookup.liveldap.LiveLdapLookup.properties = LiveLdapLookup.properties
# Csv Document Lookup configuration file
#com.vontu.lookup.csv.CsvLookup.properties = CsvLookup.properties
# Script Lookup configuration file
#com.vontu.lookup.script.ScriptLookup.properties = ScriptLookup.properties
# Data Insight Lookup configuration file
#com.vontu.lookup.datainsight.DataInsightLookup.properties = DataInsightLookup.properties
# Incident Response Action configuration parameters.
#com.symantec.dlpx.flexresponse.Plugin.plugins = plugin1.jar, plugin2.jar, etc...
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.maximum-incident-batch-size = 100
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.keep-alive-time = 60000
com.vontu.enforce.incidentresponseaction.IncidentResponseActionInvocationService.serial-timeout = 60000