Integrated Cyber Defense Exchange collectors for Email Security .cloud halt occasionally

book

Article ID: 206325

calendar_today

Updated On:

Products

Integrated Cyber Defense Exchange ICDx

Issue/Introduction

You notice that an Integrated Cyber Defense Exchange (ICDx) Email Security .cloud collector stops after running correctly for some time. You are also able to restart the collector successfully without issue.

Cause

The collector is stopping due to an unrecoverable request when it receives a 401 response from the Email Security .cloud service API.

Looking in the collector logs, you see an error similar to:

2020-11-21 14:32:13,348 [shutdown] ERROR com.symantec.lib.app.SimpleModule - Email Security.cloud Module - Terminating application with exit status 1 due to: Unrecoverable failed request: 401
Double-check settings:
    * Start Date/Time: "2020-11-18T10:10:00.000Z"
    * Calculated UTC-based Start Date/Time: "2020-11-18T10:10:00Z"
    * Username: sesc-username
    * Password (not shown)
    * Data Feed: all
      Full Data Feed URL: https://datafeeds.emailsecurity.symantec.com/all
    * Read Interval (ms): 30000
    * Idle Interval (ms): 300000
    * Use Proxy: true
2020-11-21 14:32:13,369 [Interrupt signal hook] INFO  lifecycle - The service has stopped

Environment

Release : 1.4

Component : sesc_col_dx

Resolution

Broadcom is investigating this issue. We have had some indication that it may be related to outages from the Email Security .cloud service, such as with Maintenance periods.

It is recommended to Subscribe to the Email Security .cloud service status updates:

https://email-security.status.broadcom.com/

If an alert reported, it is possible that the collector will halt, so subscribing to the alerts will provide awareness of when the issue may occur.

This article will be updated when we have more information to provide.