Data Loss Prevention

Hi,
Please after configuring directory connection and an LDAP lookup plugin, when an incident occurs, the lookup plugin is not retrieving user details or managers detail of a user. Please any support on this

Hello,

There is an option where you can configure the logs to set the debugging level for plugins and that is what needs to be done so we can see exactly what is happening. 

Also make sure the LDAP Lookup script is correct to pull up the information

Are you using the correct AD attributes?  If there is any case sensitivty you need to match that as well.

Post here any updates

Please check below points to troubleshoot an LDAP Lookup plugin

1] If the plugin does not save correctly, verify the configuration.
Before using the LDAP Lookup Plugin you should test the connection to the LDAP server. You can use a lookup tool such as the Softerra LDAP Browser to help confirm that you have the correct fields defined.

2] Make sure that the plugin is enabled.
3] Make sure that you created the Custom Attribute definitions.
   In particular, check the attribute mapping. The attribute names must be identical.

4] If you made changes, or edited the lookup parameter keys, reload the plugin.
5] Select Incidents > All Incidents for the detection server you are using to detect the incident.
6] Select (check) several incidents and select Lookup Attributes from the Incident Actions drop-down menu. (This action looks up attribute values for all incidents for that form of detection.
7] Check the Incident Snapshot screen for an incident. Verify that the Lookup Custom Attributes are filled with entries retrieved from the LDAP lookup.
8] If the correct values are not populated, or there is no value in a custom attribute you have defined, make sure that there are no connection errors are recorded in the Incident History tab.
9] Check the Tomcat log file.