search cancel

Error: "Appliance with similar connection parameters is already added" when creating new DLP Cloud Detection Service entry in the CloudSOC

book

Article ID: 202256

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Package Data Loss Prevention

Issue/Introduction

When creating a new Data Loss Prevention (DLP) Cloud Detection Service entry in the CloudSOC, the following occurs:

  • After clicking save the first time, the UI closes without error, but no appliance shows up under the "Configured Enforce Managed DLP Systems" section.
  • When creating an entry subsequent times, you receive a pop-up error stating "An appliance with similar connection parameters is already added." However, no appliance shows up when going to Settings > Symantec DLP UI.

Cause

There is more than one option for adding an "appliance" in the CloudSOC UI. In this case, you may have selected the wrong option. For example, "Symantec" is not a valid vendor.

Resolution

  1. In the Vendor drop-down, select "Symantec DLP Cloud."



  2. Under Connection Parameters, use the "Token" for registering an existing DLP Cloud Detection Server.

Additional Information

Content IQ (CIQ) in the CloudSOC

During the next steps, as per the Using CloudSOC CASB with Symantec DLP Cloud guide, you need to "Activate" and "Connect" the DLP appliance.

However, when trying to "activate" it after previously using only Content IQ (CIQ) in the CloudSOC, you may be presented with a new notification:

Upgrade to Enforce Managed DLP

Clicking 'Confirm' indicates you are converting your tenant to Enforce Managed DLP. There is no way to undo this action.

This is what integrating with the "Enforce Managed DLP" looks like in the CloudSOC if you converted from CIQ to the Global Detector, if you never had a DLP "External Appliance" integrated with your CloudSOC.

In some instances, it may make sense to cancel the "Activate" option. The CDS will still be listed, but not activated.

Note: If the entry is removed from the CloudSOC UI, a new token for registering is required (available from Support).

Thus, this install would be running with the previously configured CIQ policies, except that these are now limited to what remains of the CloudSOC CIQ, post-transition. 

For reference, see the advisory ContentIQ Deprecation, and Changes to CloudSOC Content Inspection. At the bottom of this advisory, note how previously configured CIQ content needs to be modified for anyone who is using the "Global Detector" option, instead of moving to "Enforce Managed DLP":

See About Transitioning from ContentIQ to Symantec DLP.

Attachments