Script Lookup, DLP 11.5
Hey all. I've been researching this issue for a few weeks and have yet to find an answer to my specific problem. Our environment includes Bluecoat proxies. As you know, Bluecoats use ICAP functions that return a very specific string of information back to DLP. My problem is this: for Network Prevent incidents, the default "Sender" field is populated with "WinNT://DOMAIN/username". I found a thread started by "bob_b" that outlined a script that would use this information for LDAP lookups. My problem is that I need to use that information for a CSV lookup. So, his script, while very impressive, won't work for my particular case. However, I think it's very close. My current script, which is written in Python (which I'm not well versed in, nor am I tied to it in any way), almost works. Attributes are passed to the script properly and are validated, according to the log. The main attribute I am concerned with is "sender-email". I just need to be able to strip everything from the aforementioned string and pass just the username to my CSVLookup and I'll be good to go. (Thankfully, that part works great!) I realize that bob_b's script can look up via IP, but that won't work for me since we have different IP address schemes for wireless and VPN users. I've attached a portion of a log file that shows what's happening. Can anyone help me out?
Any and all help is much appreciated!
Thanks!
turturici
We had a similar problem and we ended up just changing the CSV to match the field that DLP is reporting. You don't seem to be able to modify the internal DLP fields and pass them to the plugin. You could use a custom identifier to pass between the plugins.
Jeremy
Hey Jsneed.
That was the first thing I tried to fix. Unfortunately, the field that I'm trying to key off of is the "sender" attribute. Normally, this field is populated with an email address. So, my CSV uses that field for email address lookups on network (email in transit) incidents. For HTTP Network events, this field gets populated with ICAP data back from our Bluecoat proxies. So, I couldn't use that. The only thing I could figure out to do was to use a script to strip out everything except the user name so I could forward that to my CSV and LDAP lookups. Actually, in the interim, bob_b helped me out and we now have a VBScript that strips out that data and leaves the username. You can then forward that to whatever field you want to use as a key for another lookup in the execution chain. Here's the script:
Option Explicit
On Error Resume Next
Dim i
Dim objDict
Dim myArray
Dim dictResults
Set objDict = CreateObject("Scripting.Dictionary")
Set dictResults = CreateObject("Scripting.Dictionary")
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Get Arguments (DLP passes each attribute to the script as name=value)
For i = 0 To WScript.Arguments.Count - 1
    ' Split on the first "=" only, so a value that itself contains "=" is kept whole
    myArray = Split(WScript.Arguments(i), "=", 2, 1)
    If UBound(myArray) >= 1 Then
        objDict.Add myArray(0), myArray(1)
    End If
Next
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
If objDict.Exists("sender-email") Then
    If objDict.Item("sender-email") <> "" Then
        ' Sample input data:
        ' WinNT://DOMAIN/username
        ' This next line is where the magic happens. "File Owner" is a custom attribute that I built in to DLP and have in my CSV file. You can use whatever you want. You just have to create the attribute and make sure it's in the correct properties files. The output gets used as the key in the next lookup in the chain, which in my case is a CSV lookup.
        ' (Everything after the last "/" is the username.)
        dictResults.Add "File Owner", Mid(objDict.Item("sender-email"), InStrRev(objDict.Item("sender-email"), "/") + 1)
    Else
        'oOutputFile.WriteLine "sender-email is empty"
    End If
Else
    'oOutputFile.WriteLine("sender-email item does NOT exist")
End If
If dictResults.Count > 0 Then
    Call DisplayResults()
End If
WScript.Quit(0)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub DisplayResults()
    Dim myArray
    Dim i
    Dim strValue
    myArray = dictResults.Keys ' Get the keys.
    For i = 0 To dictResults.Count - 1 ' Iterate the array.
        strValue = dictResults.Item(myArray(i))
        'strValue = "" & strValue & ""
        ' DLP reads each name=value line from stdout as an output attribute
        WScript.Echo myArray(i) & "=" & strValue
    Next
End Sub
So, this script will strip away "WinNT://DOMAIN/username" and leave you with "File Owner=username". Again, you can change the attribute "File Owner" to whatever you wish. Just keep in mind that it will be used as the key for the next lookup. Many thanks are directed to bob_b. He really hammered this one home.
Good luck!
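Since the original poster's own plugin was in Python, here is an added example (not the script from the thread, nor from bob_b) of the same idea as a Python Script Lookup: it parses the name=value arguments, reduces a WinNT://DOMAIN/username sender to the username while passing a plain email sender through unchanged, and refuses to emit a "File Owner" key containing characters outside a conservative set, so an unexpected ICAP value cannot smuggle delimiters into the CSV or LDAP lookup that runs next in the chain. The sample arguments are constructed, and handling of the DOMAIN\username spelling is an assumption not discussed in the thread.

```python
import re
import sys

# Constructed sample arguments in the name=value form DLP passes to the script.
SAMPLE_ARGS = [
    "sender-email=WinNT://DOMAIN/jdoe",
    "recipient-email=someone@example.com",
]

# Characters accepted in the lookup key: username or email address only.
_SAFE_KEY = re.compile(r"^[A-Za-z0-9._@-]{1,254}$")


def parse_attributes(args):
    """Split each argument on the first '=' only, so values containing '=' survive."""
    attrs = {}
    for arg in args:
        key, sep, value = arg.partition("=")
        if sep:
            attrs[key] = value
    return attrs


def extract_owner(sender):
    """Return the 'File Owner' lookup key for a sender-email value, or None."""
    if not sender:
        return None
    sender = sender.strip()
    if sender.upper().startswith("WINNT://"):
        # WinNT://DOMAIN/username (ICAP data from the proxy): keep the last
        # path element; '\' is also treated as a separator (assumption).
        user = re.split(r"[\\/]", sender[len("WinNT://"):])[-1]
    else:
        # SMTP incidents carry a plain email address: use it as-is.
        user = sender
    # Reject empty or oddly-formed keys rather than pass them down the chain.
    return user if _SAFE_KEY.match(user) else None


def build_results(attrs):
    """Map the parsed input attributes to the output attributes DLP reads back."""
    owner = extract_owner(attrs.get("sender-email"))
    return {"File Owner": owner} if owner else {}


def main(argv):
    # DLP reads one name=value line per output attribute from stdout.
    for key, value in build_results(parse_attributes(argv)).items():
        print("%s=%s" % (key, value))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```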
I just posted the solution with an attached script here:
https://www-secure.symantec.com/connect/forums/icap-and-winntdomainname
Solved!
Thanks bob_b!!