Cloud Detector isn't creating incidents as expected in EDM policy

book

Article ID: 242214

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email

Issue/Introduction

You are testing detection and can see that you DLP Cloud Detector isn't correctly applying response rules for policies using EDM conditions.

If you change the policy and set to match a keyword, for example, the response is executed.

 

Cause

Corrupt indexes can prevent the Cloud Service from successfully loading a profile, interfering with incident response.

Environment

Release : 15.8

Component :

Resolution

Confirm that your EDM indexes are being completed without any errors.

In some cases, corrupt index profiles (or profiles indexed from an EDM profile created on a different source Enforce Server) will fail to load properly on the Cloud Service.

This issue is described in the following KB: New Cloud Detection or Cloud Email server added to DLP is not detecting any data uploads or accepting emails (broadcom.com).

Additional Information

Check whether any alerts about your Cloud Service have been sent to the email address of your Cloud Service admin.

Failing indexes that cause issues with your service may result in alerts sent by the DLP Cloud Operations Team at Broadcom.

 

Attachments