You have noticed that incidents from the Cloud Service are not reaching your Enforce Server console, and that an Incident Queue frequently builds up.
Restarting the DetectionServerController service appears to temporarily address the issue.
Release: 15.8 MP2 or earlier
The SymantecDLPDetectionServerController service on the Enforce Server - aka the MonitorController service - is the service which coordinates data shipping to and from all Detection Servers, including Cloud Detectors.
Although it's possible to improve performance by increasing the memory allocated to the service, there are also some known issues affecting the Enforce Server services in versions prior to 15.8 MP3.
Apply 15.8 MP3 to obtain specific fixes described below.
The first fix is the most significant, as it corrects an issue with connectivity to the Cloud Service:
CRE-10171 -- The DetectionServerControllerService service sometimes lost the connection to the Cloud Service Gateway during a local Oracle database outage and then failed to reconnect later. You had to restart the DetectionServerControllerService to reestablish the
CRE-10054 -- Failed database connections used by the Enforce Manager, Incident Persister, and DetectionServerController services were not removed from the database connection pool which resulted in connection pool exhaustion and service outages until the affected services were restarted.
CRE-10105 -- Applied a fix for the Oracle ojdbc7.jar driver issue 20960881 that caused a java.net.IOException Checksum fail exception which affected several key services.
The above details are given on pp. 6-7 of the release notes.
DLP version 15.8 is supported until the end of calendar year 2023, as per this advisory: End of Service dates for Symantec Data Loss Prevention.
Broadcom Technical Support strongly recommends applying this patch to 15.8 as soon as possible.