search cancel

DLP Event Code 2317 - Failed to send incident email notification

book

Article ID: 175944

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Enforce

Issue/Introduction

Event Code 2317 - Failed to send email notification is seen in the DLP Enforce Console. The event is a Warning type event and the detail field will read. "Email notification was not sent for Incident xxxx and Policy xxxxxxxx. No recipients specified for incident notification."

 

Event Code 2317

From the Enforce tomcat localhost log you will see the same message. The message will look similar to the following:

10 Sep 2019 08:57:23,635- Thread: 1006 WARNING [com.vontu.enforce.domainlayer.events.system.SystemEventLogger] Failed to send incident email notification. Email notification was not sent for Incident "9242" and Policy "Americas PII (DCM)". No recipients specified for incident notification.

 

In addition from the History tab of the Incident snapshot page in the Enforce Console you will see the following message:

"No recipients specified for incident notification."

Environment

DLP 15.5 and beyond

Cause

The issue is caused when an Automated or Smart Response Rule with a "Send Email Notification" action with the "Sender (SMTP Incidents Only)" box is checked is triggered for a non-SMTP type incident.

Resolution

The events can essentially be ignored because for all SMTP incidents the email should be sent out and for all non-SMTP incidents there is no way to send out an email anyway.

It is also recommended to add the condition "incident type" to the response rule so that this response rule is only triggered when a network incident type is being used. 

Another option is to use CBRW and data-owner/data-owner-email for notifying end users they have incidents to remediate.

Attachments