Error message: "Invalid Token Specified" when adding the CDS connector to CloudSOC (aka "CASB").

DLP Cloud Detection Service (aka "CDS")

Symantec CloudSOC (aka "CASB")

"Invalid Token" can mean that the token provided has expired, however, the token provided for registering a DLP Cloud Detector with your CASB service is valid for 90 days.

DLP Support can help ascertain whether a token has expired, and can reissue a new token if one is required. 

It is worth noting that the old format was simply a GUID for each token. That was changed (in the spring of 2021), and a proper token for registration now also includes the DetectorID for the Cloud Detector:

<TokenGUID>:<DetectorID>

Contact DLP support if you have questions about the token not working for the CASB registration of your DLP Cloud Detector. 

There are a few token-specific errors which indicate an expired token, use of an incorrect token, or an incomplete profile on the DLP Cloud Detector (which also prevents registration in CASB for a new DLP Detector).

Here is a landing page for other errors which can occur when attempting to register a DLP Detector with CASB:

You receive an error using a token to connect your DLP Cloud Detector to CASB (broadcom.com)