CloudSOC and External DLP events for Onedrive and Sharepoint activities are delayed several hours before showing up as an Activity or Incident.
High latency is causing strain on bandwidth resources and take longer than 6 hours to be processed.
Error TOO MANY REQUESTS
Rate limits are generally expected during the initial scanning as the Securlet is issuing multiple API calls simultaneously to process documents/sites from the SaaS.
Additionally, Microsoft began throttling API traffic in 2017 as outlined in MS Blog and the throttling was recently increased this year.
Note: CloudSOC is working as designed, for it is pulling the API's as configured from the cloud applications, but is being throttled on the application side.
Confirmed Microsoft upgraded application server farms to send load based rate limits and lifted some restrictions they put in place while the Symantec Development Team made optimization changes within CloudSOC processes to help prevent these throttling delays.
Additional solutions proved to help relieve latency in some environments: