Your Cloud Detector has not started receiving latest version of EDM index
search cancel

Your Cloud Detector has not started receiving latest version of EDM index

book

Article ID: 246373

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Detection Service

Issue/Introduction

You have updated an EDM index on your Enforce Server, and even though on-premises servers received the updated EDM profile, your Cloud Detection Servers have not.

Environment

Release : 15.7+

Component : Enforce Server and Cloud Detection Service

Cause

Logs from Enforce have the following entries.

MonitorController0.log shows the EDM failed with the following NullPointerException:

19-Jul-2022 10:10:09 com.symantec.dlp.services.profile.task.ProfileLoadingTask run
WARNING: An exception has been thrown while updating the profile cache for info source type 1
java.lang.NullPointerException
 at com.symantec.dlp.services.profile.reader.ProfileReader.getProfileDataItemForEDM(ProfileReader.java:210)
 at com.symantec.dlp.services.profile.reader.ProfileReader.getProfileDataItems(ProfileReader.java:170)
 at com.symantec.dlp.services.profile.reader.ProfileReader.getProfileDataItems(ProfileReader.java:129)
 at com.symantec.dlp.services.profile.reader.ProfileReader$$FastClassBySpringCGLIB$$49dbc9ed.invoke(<generated>)
 at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)

 

This error can occur in the following circumstance:

The Cryptographic Key that is associated with the original Source Data Profile that was created on Enforce is not matching the indexed data which was loaded in this index.

Resolution

To confirm if the key for the profile is correct, run the following query in SQLPlus, as the "protect" user:

SELECT ISV.Name, IIS.KeyAlias
FROM InfoSourceView ISV
JOIN IndexedInfoSource IIS ON iis.infosourceid = isv.infosourceid
WHERE IIS.KeyAlias not in (SELECT KeyAlias FROM cryptographickey)

 

The output should list all IndexedInfoSources (aka "EDM Profiles") that have a keyalias that is not found in the CryptographicKey table.

In a normal "good" environment, the result of the above query would be "no rows returned".

If there is a result for the EDM in question - that suggests the original profile was created by a different Enforce Server.

If that is the case, it's also likely that detection for on-premises servers will also fail, though they may not show the errors on the Enforce Server.

 

To correct this issue, create a new EDM Profile on the Enforce Server where you wish to include the EDM Data Profile and indices, then reindex the Data Profile.

When indexing, ensure the following:

  1. The Source Data Profile* was generated from the same Enforce Server now being used to load the index files.
  2. If using the RemoteIndexer, make sure its version matches the version of the Enforce Server as well.
 

Additional Information

*The Source Data Profile is also known as the "EDM Profile template" created on Enforce if using the RemoteIndexer process.

For additional details about it, see Workflow for remote EDM indexing (broadcom.com).

 

Powered by Wolken Software