Follow these steps to troubleshoot this issue.
- Check that Securlet generates normal "Supported Activities" shown in Tech Doc in CloudSOC Investigate (Eg. login, logout, upload, download)
- If No Events at all generated within approximately 6 to 24 hours - troubleshoot the CloudSOC Securlet
- If Yes Events are seen - Create a very simple DLP Enforce policy that will trigger on a keyword match.
- Re-sync the Securlet by following these steps.
- Rebuild the "CloudSOC Securlet" application detection scan filter
- Recycle the Monitor Controller
- Give the re-sync about 12 hours to run
- After time for re-sync attempt to trigger the simple keyword policy
The re-sync should solve the problem. If it does not log a case with DLP Enforce to troubleshoot DLP CDS Cloud connector issues.