Securlet not generating incidents from DLP Enforce policy


Article ID: 175089


Products

CASB Security Standard, CASB Security Premium, CASB Security Advanced, CASB Securlet SAAS, CASB Securlet SAAS With DLP-CDS

Issue/Introduction

 A specific Securlet is not triggering incidents from a DLP policy.

Resolution

Follow these steps to troubleshoot this issue.

  • Check in CloudSOC Investigate that the Securlet generates the normal "Supported Activities" listed in the Tech Doc (e.g. login, logout, upload, download).
  • If no events at all are generated within approximately 6 to 24 hours, troubleshoot the CloudSOC Securlet.
  • If events are seen, create a very simple DLP Enforce policy to trigger a keyword match.
  • Re-sync the Securlet by following these steps:
    • Rebuild the "CloudSOC Securlet" application detection scan filter.
    • Recycle the Monitor Controller.
    • Give the re-sync about 12 hours to run.
  • After allowing time for the re-sync, attempt to trigger the simple keyword policy.

The re-sync should solve the problem. If it does not, log a case with DLP Enforce to troubleshoot DLP CDS Cloud connector issues.