You notice that an Integrated Cyber Defense Exchange (ICDx) Email Security .cloud collector stops after running correctly for some time. You are also able to restart the collector successfully without issue.

Release : 1.4

Component : sesc_col_dx

The collector is stopping due to an unrecoverable request when it receives a 401 response from the Email Security .cloud service API.

Looking in the collector logs, you see an error similar to:

2020-11-21 14:32:13,348 [shutdown] ERROR com.symantec.lib.app.SimpleModule - Email Security.cloud Module - Terminating application with exit status 1 due to: Unrecoverable failed request: 401
Double-check settings:
    * Start Date/Time: "2020-11-18T10:10:00.000Z"
    * Calculated UTC-based Start Date/Time: "2020-11-18T10:10:00Z"
    * Username: sesc-username
    * Password (not shown)
    * Data Feed: all
      Full Data Feed URL: https://datafeeds.emailsecurity.symantec.com/all
    * Read Interval (ms): 30000
    * Idle Interval (ms): 300000
    * Use Proxy: true
2020-11-21 14:32:13,369 [Interrupt signal hook] INFO  lifecycle - The service has stopped

Broadcom is investigating this issue. We have had some indication that it may be related to outages from the Email Security .cloud service, such as with Maintenance periods.

It is recommended to Subscribe to the Email Security .cloud service status updates:

https://email-security.status.broadcom.com/

If an alert reported, it is possible that the collector will halt, so subscribing to the alerts will provide awareness of when the issue may occur.

This article will be updated when we have more information to provide.