Incidents are not being created as expected on DLP endpoints over HTTPS channels when using IP filter exclusions in a recipient pattern
search cancel

Incidents are not being created as expected on DLP endpoints over HTTPS channels when using IP filter exclusions in a recipient pattern

book

Article ID: 174903

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

  • You have a policy that should create an incident on a DLP endpoint via https channel, however, none is created.
  • You receive incidents on the same policy when testing the same data on the http channel
  • You are using IP addresses as an exclusion filter criteria

Environment

15.5 MP1

Cause

The IP address exclusion list in the recipient pattern is terminated with a comma, instead of ending with the last IP address value only:

Resolution

Removing the comma at the end of the IP address exclusion list in the recipient pattern and saving the policy resolves the issue.

This behavior will be fixed in a later version of the DLP product.

Attachments

Powered by Wolken Software