You are using 1 or more Cloud Detectors, and have previously integrated it with a WSS tenant, aka the Cloud Web Proxy.
You currently have a second Detector for REST, integrated with the CloudSOC solution (Elastica CASB).
It is also observed, in the "Manage > Application Detection" section of the Enforce UI, that a "Sync pending" status never completes successfully.
Release : 15.8 and earlier
Component : Enforce
The MonitorController0.log may reveal the following:
=========================================================================================
May 7, 2020 8:33:28 PM com.symantec.dlp.communications.applicationcommunicatorlayer.ApplicationCommunicatorActivityNotifiableImpl onRetryUponRecoverableApplicationException
WARNING: OnRetry after encountering a recoverable applcation exception for com.symantec.dlp.co[email protected]2bef934e and the replicatorId is Replicator(21,'SPI_RESPONSE'). Will retry in 10 seconds.
May 7, 2020 8:33:38 PM com.symantec.dlp.communications.applicationcommunicatorlayer.HomogeneousReceiverApplicationCommunicator$HomogeneousReceiverDataAcceptor$ApplicationProcessingTask run
WARNING: Unexpected exception occurred for com.symantec.dlp.co[email protected]2bef934e
org.springframework.dao.IncorrectResultSizeDataAccessException: query did not return a unique result: 3; nested exception is javax.persistence.NonUniqueResultException: query did not return a unique result: 3
=========================================================================================
There is a defect in the hard-coding of the ScanFilterGUID for the Cloud Web Proxy entry which is scheduled to be fixed in a coming release of DLP.
Use the following SQL query to confirm the issue:
SET COLSEP |
SET PAGESIZE 10000
SET LINESIZE 115
SET TRIMOUT ON
SET WRAP OFF
SELECT RESTCONNECTORID,ISDELETED,SCANFILTERGUID,FILTERNAME FROM RESTCONNECTOR WHERE SCANFILTERGUID='bluecoatwss';
The result should appear similar to the following output:
In the above example, there have been 3 "Cloud Web Proxy" configurations, each saved and deleted from the Enforce UI - and these all have the same value for the SCANFILTERGUID ("bluecoatwss"), when there should only be 1.
This issue only occurs if more than one of them was created, and deleted, such that there are at least 2 "bluecoatwss" entries stored in the database.
The following steps should correct the issue.
Recreating a previously deleted Cloud Web Proxy configuration as a Cloud Detection API Service type:
To prevent this issue recurring, do not add any "Cloud Web Proxy" configurations in the Application Detection settings.
The new DLP Cloud Detection Service for WSS ("CDS for WSS", which uses ICAP) does not use this method to assign policies - instead, use the "System > Servers and Detectors > Policy Groups" configuration to send policies to a WSS Cloud Detector.