The IBM Security QRadar SIEM is throwing an exception: Waiting for files to process - Unable to find an active BlueCoat WSS Rest API query thread.
Cloud SWG Rest API
IBM Security QRadar SIEM
Corrupted zip files, generated by Cloud Secure Web Gateway (SWG) API can result in events from any affected Log Sources not being ingested and therefore parsed by QRadar.
A corrupted zip can occurred due to an internal problem with the Cloud SWG Rest API, however, the client (QRadar) needs to have the ability to recover from such events.
If the client cannot recover from these types of events automatically, the data feed needs to be restarted manually.
To restart the data feed, collect the logs from /var/log/qradar.log and open a case with IBM Security support.
Reference: IJ25140: BlueCoat Web Security Service logs can fail to be ingested and parsed by QRadar due to corrupted zip files.