Jonny,
There might be a way to do this.. but it will take some testing.
Make sure that you have the settings for your lookups to pass incident data
You will need to increase the logging on the Enforce server and then look at some of the logs for the information.
1. System > Servers and Detectors > Logs
Change the Enforce server Log settings to - Custom Attribute Lookup Logging
2. Go to an Printer based incident (do this on a few different events)
Click on the button to Lookup Attributes
3. System > Servers and Detectors > Logs
Change the Enforce server Log settings to - Restore Default Logging
4. Pull the logs from the Enforce Server (24Hours Only)
Look in the IncidentPersister or other log.. you will see an attribute list of all of the details in the events. It should have the Attribute=value for each setting. Find the one with the printer name and use that variable.
------------------------------
Good Luck. - RP
PLEASE MARKED SOLVED WHEN POSSIBLE
------------------------------
Original Message:
Sent: Jan 23, 2023 04:18 PM
From: Jonny Brown
Subject: Add Printer name variable into incident email
I'm wanting to add the printer name into the incident email details when the policy is violated. I can see that this is recorded somewhere in the DLP tool as the incident details includes the printer name. However it does not seem possible to generate an email with this variable.
I understand it was asked previously in this thread but with no outcome: https://community.broadcom.com/symantecenterprise/communities/community-home/digestviewer/viewthread?MessageKey=57dd78d3-2d53-4ac3-8995-d5375134918d&CommunityKey=65cf8c43-bb97-4e96-ae0b-0db8ba1b4d07&tab=digestviewer#bm57dd78d3-2d53-4ac3-8995-d5375134918d