ICDX DLP database query errors

book

Article ID: 198443

calendar_today

Updated On:

Products

ICDx Integrated Cyber Defense Exchange

Issue/Introduction

You see errors similar to the following in the Integrated Cyber Defense Exchange (ICDx) DLP connector logs:

Database query Discover Incidents: 3 failed. ORA-04063: view "INCIDENT_ACCESS.DISCOVER_CONDITION_VIOLATIONS" has errors
DLP DB Sensor - read sensor failed. {}
DLP DB Sensor - Terminating application with exit status 1 due to: Error in module DLP DB Sensor due to java.lang.Error: com.symantec.cas.ucf.sensors.ReadDeviceException: Database configuration error, caused by com.symantec.cas.ucf.sensors.ReadDeviceException: Database configuration error, caused by java.sql.SQLException: ORA-04063: view "INCIDENT_ACCESS.ENDPOINT_CONDITION_VIOLATIONS" has errors , caused by oracle.jdbc.OracleDatabaseException: ORA-04063: view "INCIDENT_ACCESS.ENDPOINT_CONDITION_VIOLATIONS" has errors

 

Cause

The Views tables have become corrupted.

Environment

Release : 1.4.1

Component : sdlp_col_dx

Resolution

To fix the Views tables run the Views setup script again. From the Views installation instructions from the Administration manual (Installing the Views Package on the Symantec Data Loss Prevention Database):

  1. On the ICDx server, navigate to the $SYMC_HOME/sdlp_col_dx-<version>/views directory.
  2. Copy one of the following folders to your DLP database server:
    • dlp_15_0 : This folder contains the SQL scripts to install the views at your DLP 15.0 database.
    • dlp_15_5 : This folder contains the SQL scripts to install the views at your DLP 15.5 database.
  3. Follow the instructions in $SYMC_HOME/sdlp_col_dx-<version>/views/README.txt to install the database views that are required by ICDx.

The pertinent part of the README.txt is:

  4.2. At the SQL prompt, run the setup.sql script:

    SQL> @setup.sql

    The script prompts you for the following information (the default values are
    shown in the square brackets):
      a. Please enter sid:
      b. Please enter username for the Enforce schema:
      c. Please enter password for the Enforce schema:
      d. Please enter username for the Incident Access schema[icdx_user]:
      e. Please enter password for the Incident Access schema:

Once the Views setup script is run, the database Views tables will be rebuilt. This will not affect any of the data that is collected or otherwise used by DLP.