search cancel

CloudSOC SpanVA is in a Degraded State

book

Article ID: 252781

calendar_today

Updated On:

Products

CASB Securlet SAAS

Issue/Introduction

Client's SpanVA is in "Degraded" State

Client notices themselves or Audit Engineering ran a SpanVA health check - and CASB Support notified Client 

 

Resolution

Some common causes for SpanVA degraded state.

1. SpanVA to CloudSOC log upload failures due to corporate Network/FW restrictions not allowing required connectivity to GCP URL:

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/spanva-home/allow-listing-urls-and-verifying-spanva-connectivity.html

2. SpanVA resources (CPU/Mem/Disk) may be insufficient for amount of logs being fed from multiple data sources. (over utilized example)

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/spanva-home/monitoring-spanva-operation/checking-spanva-status/spanva-view-operation-stats.html

3. Issue with format of logs from one or more data sources:

https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/audit-home/data-source-management.html

4. Above list is not all inclusive. Just some of the most common reasons. Coordinate with CASB Support if above does not help resolve issue.

 

Attachments