The Data Loss Prevention dashboards in Information Centric Analytics (ICA) Risk Fabric console do not show any incident counts or details, or they display a count lower than expected. The Analyzer returns a count of DIM incidents, but fewer than expected, and potentially none over the last n days. The RiskFabric Processing and RiskFabric Intraday Processing jobs are running successfully without any failures, and the Symantec DLP integration is operational, with staging queries executed against the DLP database through the integration's linked server successfully returning incidents.

Release : 6.x

Component : Symantec DLP Integration Pack

This condition can be caused by a rollback of the Symantec DLP database to an earlier snapshot or backup, resulting in new incidents being created and assigned incident IDs that match those that had previously been ingested by ICA. Under these conditions, ICA may process these records as updates to existing incidents rather than as new incidents.

This condition is resolved by purging the data previously ingested from the DLP linked server and then re-processing the DLP data source. Contact Broadcom support for assistance.