Your Cloud Service for Email is generating 3X incidents for each file tested
search cancel

Your Cloud Service for Email is generating 3X incidents for each file tested

book

Article ID: 255375

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email

Issue/Introduction

You are sending test messages with files containing sensitive information, and these appear to be generating multiple DLP incidents - one for each recipient.

Environment

Release :

All supported releases of the Cloud Service for Email

Cause

Firstly, be sure that Incident Reconciliation has been enabled for the DLP Enforce Server, as per Enabling incident reconciliation (broadcom.com).

If that is enabled, it has been seen with one customer that a misconfiguration in the Gmail settings can cause this result.

In the Gmail admin interface, aka "Google Workspace", there are 2 basic types of configurable routing:

  • Apps > Google Workspace > Gmail > Default Routing.
  • Apps > Google Workspace > Gmail > Routing

 

And as per Google documentation, "Default routing" is somehow only for inbound messages:

"As an administrator, use the Default routing to set up how inbound email is delivered for your organization."

Resolution

The DLP Help Center topic specifically directs users to the "Routing" settings:

  1. Go to Apps > Workspace > Gmail > Settings for Gmail.
  2. Click the Routing panel.
  3. Scroll down the page to locate the Routing section.

Configuring Google Workspace Gmail to send outbound emails to Cloud Service for Email (broadcom.com)

Basically, for unexpected issues with mail routing and handling, ensure that you the DLP host has been configured via the "Routing" option.