Data Loss Prevention

 View Only

  • 1.  Configure Data Source Management on DLP

    Posted Dec 23, 2014 03:21 AM

    I want to pull data directly from Active Directory.

    Background:
    I had configured Directory Connection to our AD and Data Source Management, but the end result was negative.
    Hence, please advice how can I go about getting user's data from AD?

    Data Source Management.jpg

    So that when we look at an incident, DLP able to provide us the following attributes from both Default Attribute Group and Predefined.Attributes.jpg

     

     



  • 2.  RE: Configure Data Source Management on DLP
    Best Answer

    Broadcom Employee
    Posted Dec 24, 2014 10:26 AM
      |   view attached

    The import that you have in the first screenshot is for the user risk summary. For incidents you would use a LDAP lookup plugin to add this data. Instructions for configuring the LDAP lookup plugin are in the admin guide starting on page 1122 (12.5 version of the guide). A sample of the format is attached

    Attachment(s)

    txt
    DLP Lookup Script.txt   1 KB 1 version


  • 3.  RE: Configure Data Source Management on DLP

    Posted Dec 25, 2014 09:42 PM

    Hi John,

    I see, I thought I can get user's information directly from Data Source management.

    Please tell me from Data Source management, the correct syntax for AD Custom Filter, I can enter to retrieve user's information. As the one I had configured failed to retreive any information.

    (|(&(sAMAccountType=805306368)(sAMAccountName=-*))(&(sAMAccountType=805306368)(sAMAccountName=_*)))