Will cloud email prevent policies also be applied to other detectors, such as CASB, if they are in the same policy group?
search cancel

Will cloud email prevent policies also be applied to other detectors, such as CASB, if they are in the same policy group?

book

Article ID: 225755

calendar_today

Updated On:

Products

Data Loss Prevention

Issue/Introduction

Any detector assigned to a policy group will attempt to load any/all policies assigned to it. 

   

Environment

Release : 15.x.x / 16.x.x

Component : Any

Resolution

Its considered best practice to separate policy groups based on detection types. If you have a policy group assigned to both Email and WSS/CASB detectors, then the policy and response rules will get assigned to both. Since most response rules should only be assigned to specific detector types, it will have issues handling the response rules, which can impact policies/performance.  

 

Create a policy group only for CASB data-at-rest policies, and assign it only to the CASB detector. Do this for WSS, Email, and endpoint as well. 

Additional Information

Update: The Engineering teams have released an update to the Cloud Services that is expected to change this behavior.

The permanent fix has been applied on the Cloud Detection Service, as per the Advisory: 

Some policies fail to trigger with Cloud Detection Service (CDS) after upgrading to DLP 16.0