Sync Failure after adding Microsoft Teams Securlet in Enforce console

book

Article ID: 171627

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service

Issue/Introduction

Utilizing the listed options for adding a new Elastica Securlet for monitoring in the DLP Enforce UI, you find that it is not completing its "sync" successfully.

"Sync Failure" shows up when the "Sync to CloudSOC" operation completes.

Cause

There are a few Securlets which were NOT supported for Application Detection, despite being included in the v15.0-15.5 list of apps.

At that time of earlier releases of the 15.0-15.5 GA, the following Securlet was in "Beta" in Elastica CloudSOC - and therefore invalid for DLP Cloud Service integration:

  • Facebook Workplace

As of 15.7 however, Facebook Workplace is a valid Securlet.

Currently, the following is still not a valid Securlet (as of December 2020):

  • Microsoft Teams

While there is a Gatelet for Microsoft Teams, it is not currently supported for DLP detection.

Environment

  • DLP Enforce v15.0-15.5, with Cloud Detection Server
  • Elastica CloudSOC integration

Resolution

Remove any unsupported apps, then re-click the "Cloud Sync" option in the UI.

FYI - although the Cloud Detection Server cannot monitor "MS Teams" activity via that Securlet, content shared via the application is picked up via O365 Securlet, where the file is shared via a path in SharePoint.