You want to know the steps required to update DLP Cloud Detection Servers in CASB or WSS systems
search cancel

You want to know the steps required to update DLP Cloud Detection Servers in CASB or WSS systems

book

Article ID: 171939

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service CASB Audit CASB Gateway Advanced Data Loss Prevention Cloud Package

Issue/Introduction

You have one CASB and/or WSS hosted environment each, either or both of which are currently sending data to a particular DLP Cloud Detection Server (aka "Detector").
You want to now have your CASB and WSS systems send the data to a different Enforce and/or Cloud Detector.

E.g., you wish to have CASB and/or WSS systems sending data to PROD instead of QA/DEV.
This KB is to verify the steps taken, as confirmed via casework.

Environment

  • 2 Enforce Server environments, each with a separate Cloud Detection Server (e.g., one environment is in QA/DEV and another one is in Production)
  • 1 WSS environment only
  • 1 CASB environment only

Cause

If these changes are not performed correctly, the alerting system for DLP Cloud Operations will be triggered when hosted CASB or WSS systems are still associated with the old DLP Cloud Detection Server.

Resolution

Steps customers would take to convert existing Cloud Detection Server in integrated systems.

NOTE: the below changes are when there are no Enforce Server changes to make - that is, your Cloud Detection Server is already enrolled with the correct Enforce Server (QA/DEV/PROD/etc), but you had previously associated a different Cloud Detection Server with your sole hosted instance of WSS and/or CASB CloudSOC.

For WSS, this is as simple updating the "Symantec URL" and "Detector ID" fields in the WSS portal:


 

Note that the "Symantec URL" is provided as part of your Welcome Email when received with the Enrollment bundle. It can also be requested from technical support teams.



 
For CASB - the steps vary depending on the management type for your cloud service:

A. If you have an "Enforce-Managed" Cloud Detector:

  1. From within your CASB CloudSOC server console: "Settings > Data Loss Prevention", you need to remove the appliance entry. Note, there is an option to "De-Activate" but in this case you need to "Remove Appliance".
  2. After which, Support will be able to issue a new TOKEN for registration of DLP CDS with your "new" CASB Tenant.

NOTE: Support can generate a new token AFTER the above steps have taken place.

B. If you have a "Cloud Managed" Cloud Detector, you need to contact technical support to have any changes to the registered detector in your CloudSOC console.

 

Powered by Wolken Software