Cloud Detection Service for REST API with error for Scan Filter is not receiving detection requests

Article ID: 193702

Products

Data Loss Prevention Cloud Detection Service, Data Loss Prevention Cloud Detection Service for REST

Issue/Introduction

Your DLP Cloud Detector is not receiving detection requests from Web Isolation or another Custom REST Client.

When configuring the DLP Cloud Detector with a Custom REST Client, such as Web Isolation, you are required to add 3 details:

  1. Detector ID: This refers to the DetectorID as provisioned, and should have been sent with your Enrollment Bundle in the Welcome Email.
  2. Detector FQDN: e.g., "https://<DetectorID>.ds.dlp.protect.broadcom.com/v2.0/DetectionRequests" - also sent in the Welcome Email.
  3. Rest Connector GUID.

For item #3, it's likely that your Detector was initially provisioned as a "Cloud Detection Service" for integration with a CloudSOC Tenant (aka the CASB product) - so you would have been sent a Token with your Welcome Email.

That Token is not the correct GUID, and using it will cause the following error to be returned to your client:

External scanning service error: Symantec Data Loss Prevention returned the following statusCode 428, responseBody:{"messageId":"filterNotFound","message":"No filters could be matched. Filter Id (<your-token-here> ...) 

Cause

First, this Cloud Detector may not have been provisioned correctly. If your Welcome Email included a Token for your Cloud Detection Service, you first need to contact support to have it converted to a Custom REST Client.

Once that is done, note that the "Rest Connector GUID" is specifically NOT the same GUID as the Token used in Elastica for registering a DLP Detector. See below for instructions to obtain it.

Environment

Release : 15.5

Resolution

  1. After enrolling your Cloud Detector for your Custom REST Client in your Enforce Server, go to Manage > Application Detection in the UI.
  2. Click the plus icon for a "New configuration".
  3. The correct "type" of application for a Custom REST Client is "Cloud Detection API Service". See the screenshot below for exact detail.
    • If that is not set correctly, change the configuration as above.
  4. The "Application" name can be anything for this type of configuration, but a name is required in this field.
  5. Save the configuration.
  6. In the list of configured apps, click back into the link that was just saved or created.
  7. There will now be an "ID" listed in the first field in the configuration window. That is the required Rest Connector GUID, i.e., the value to use if you are configuring Web Isolation.
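
To find this misconfiguration in a REST client's logs, the following added example (not Broadcom code) scans log lines for the 428 filterNotFound rejection quoted above and reports which Filter Id the client sent. It assumes the client logs the error in the form shown in this article; the function name, sample lines and placeholder IDs are constructed for illustration.

```python
import json
import re

# Patterns for the client-side error text quoted in this article.
ERROR_RE = re.compile(r"statusCode (?P<status>\d{3}), responseBody:(?P<body>\{.*)")
MESSAGE_ID_RE = re.compile(r'"messageId"\s*:\s*"(?P<id>[^"]+)"')
FILTER_ID_RE = re.compile(r"Filter Id \((?P<fid>[^\s)]+)")

ACTION = ("Use the ID from Manage > Application Detection "
          "(Cloud Detection API Service) as the Rest Connector GUID.")


def triage(line):
    """Return a finding dict for a filterNotFound rejection, else None."""
    m = ERROR_RE.search(line)
    if not m:
        return None
    status, body = int(m.group("status")), m.group("body")
    try:
        doc = json.loads(body)
        message_id, message = doc.get("messageId"), doc.get("message", "")
    except ValueError:
        # Logs often truncate the body (as in the article), so fall back to regex.
        mid = MESSAGE_ID_RE.search(body)
        message_id, message = (mid.group("id") if mid else None), body
    if status != 428 or message_id != "filterNotFound":
        return None
    fid = FILTER_ID_RE.search(message)
    return {"status": status, "message_id": message_id,
            "filter_id_sent": fid.group("fid") if fid else None,
            "action": ACTION}


# Constructed sample lines; the filter IDs are placeholders, not real values.
SAMPLE_LOG = [
    'External scanning service error: Symantec Data Loss Prevention returned the following statusCode 428, '
    'responseBody:{"messageId":"filterNotFound","message":"No filters could be matched. Filter Id (EXAMPLE-TOKEN-0001)"}',
    'External scanning service error: Symantec Data Loss Prevention returned the following statusCode 428, '
    'responseBody:{"messageId":"filterNotFound","message":"No filters could be matched. Filter Id (EXAMPLE-TOKEN-0002 ...',
    "Scan completed: statusCode 200, responseBody:{}",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        finding = triage(entry)
        if finding:
            print(finding["filter_id_sent"], "->", finding["action"])
```

If the reported Filter Id matches the Token from the Welcome Email, the client is configured with the CloudSOC registration Token rather than the Rest Connector GUID.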
