Files are created in the outgoing folder on the Discover scanner but no incidents show up in the Enforce UI

book

Article ID: 160445

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

Files are created within the Job0 folder and incidents are being created within the outgoing folder. Once scanning is cancelled using CTRL+C, there will be no incidents showing in the UI. 

Resolution

Relevant Versions: 8.0 and up

Scenario:

The Discover Scanner creates files within the Job0 folder and incidents are being created within the outgoing folder. Once the scanning is killed via CTRL+C, then you go to the UI and hit the start, none of the incidents are shown in the UI.

Cause/Resolution:

The files in the outgoing folder on the Discover Scanner are batches of messages.  They are not yet regarded as incidents.

If you start the scanner as-is, it will clean out all the working directories (deleting everything in /outgoing).  If you set it to incremental (in the scannercontroller.properties file) and then start the scanner, it will continue processing the files in /outgoing. 

If there are incidents, they should be pushed to the Enforce server by the Discover Server.