ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CloudSoc Securlets show Sync Failure in DLP when 2 REST Detectors are present

book

Article ID: 186451

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service

Issue/Introduction

After a second Cloud Detector has been added to Enforce, and one or more Securlets have been added (e.g., Office 365 OneDrive and SharePoint)., the Sync to CloudSOC operation is not successful.

When selecting Manage > Application Detection > {configuration} > Sync to CloudSOC, the "sync" operation changes to "Sync Pending" then "Sync Failure".
This failure only shows itself on the Application Detection page (i.e., not visible anywhere else, such as the System > Servers > Overview).

Cause

  1. The DLP Cloud Detection Service which integrates with a customer's Custom REST API Client, is one type of REST Detector.
  2. The DLP Cloud Detection Service which integrates with the CASB solution (aka the CloudSOC, formerly known as Elastica) is another type of REST Detector.

There can only be one REST Detector enrolled with any one Enforce Console - this is by design. 
Having 2 of them creates conflicts as the Cloud Service Gateway cannot distinguish between 2 REST Detectors when both are installed in the same Enforce server - so the filters which are responsible for detection will fail to load properly.

A single Cloud Detector can handle requests from BOTH types of client simultaneously, and will auto-scale to meet demands on the service.

Environment

Release : 15.5

Components: DLP Cloud Detection Service (CDS), aka a REST Detector

Resolution

For any customer who is already using the Cloud Detection Service for their REST API Client, a second Cloud Detector (i.e., for monitoring data from the CloudSOC) is not needed.
The same is true vice versa - customers who have already enrolled their Enforce server with the Cloud Detection Service for the CloudSOC do not need a second Detector for their REST API Client.

If a second CDS for REST has been installed in the same Enforce Server - you will likely have connection errors that will require you to contact support to assist in restoring the service.