Data Loss Prevention

  • 1.  Live Ldap (AD) Lookup

    Posted Jul 06, 2011 11:49 PM

    Hi Support,

    We found that only incidents in Email Prevent and Network Monitor (SMTP) can perform Live LDAP (AD) lookup. Incidents on other detection servers (Endpoint Server, Network Discover, Network Monitor (other protocols besides SMTP) and Network Prevent for Web) cannot perform Live LDAP (AD) lookup.

    Please advise.

    Best Regards,

    Sunny



  • 2.  RE: Live Ldap (AD) Lookup

    Posted Jul 07, 2011 09:39 AM

    Sunny,

    It sounds like you may need to update your Live AD lookup script for other protocols / products. 

    The message/file/machine you are monitoring needs to provide an attribute that is then submitted to AD to look up additional information about that user. If the message does not provide information about the user (e.g., Telnet transmissions) or the information provided about the user does not exist in AD, then an automated lookup is not possible.

    For example, in our environment we capture the email sender as input to the lookup for SMTP and the file owner as the input for LAN files (detected during a data at rest scan). Our lookup script defines what the input variable is based on the type of incident.
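
The selection logic described in reply 2, sketched as an added example that is not part of the original posts and is not the poster's or the product's script: it picks the lookup input by incident type, returns no filter when the incident carries no user identity, and escapes the value before it goes into an LDAP filter. The incident-type labels (`SMTP`, `DISCOVER`, `TELNET`) and the attribute keys (`sender-email`, `file-owner`) are assumptions; `mail` and `sAMAccountName` are standard AD attributes.

```python
# Added illustration. Incident-type labels and incident attribute keys are
# hypothetical; mail and sAMAccountName are standard Active Directory attributes.

# RFC 4515 escaping: sender addresses and file owners are untrusted input and
# must not be able to change the structure of the LDAP filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


# incident type -> (incident attribute used as lookup input, AD attribute to match)
LOOKUP_INPUT = {
    "SMTP": ("sender-email", "mail"),
    "DISCOVER": ("file-owner", "sAMAccountName"),
}


def build_ad_filter(incident):
    """Return an LDAP filter for the incident's user, or None if no lookup is possible."""
    rule = LOOKUP_INPUT.get(incident.get("type"))
    if rule is None:
        return None  # no user attribute defined for this protocol (e.g. Telnet)
    source_key, ad_attr = rule
    value = (incident.get(source_key) or "").strip()
    if ad_attr == "sAMAccountName" and "\\" in value:
        value = value.rsplit("\\", 1)[1]  # DOMAIN\user -> user
    if not value:
        return None  # the incident did not carry the expected attribute
    return "(&(objectClass=user)({}={}))".format(ad_attr, escape_filter_value(value))


# Constructed sample incidents, not real data.
SAMPLE_INCIDENTS = [
    {"type": "SMTP", "sender-email": "alice@example.com"},
    {"type": "DISCOVER", "file-owner": "CORP\\bob"},
    {"type": "TELNET"},
    {"type": "SMTP", "sender-email": "x)(mail=*"},
]

if __name__ == "__main__":
    for inc in SAMPLE_INCIDENTS:
        print(inc["type"], "->", build_ad_filter(inc))
```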