In our Sandbox CASB tenant, the Slack Securlet is not generating the expected events and activities, nor triggering DLP Enforce policy violations.
The client had recently reactivated the Slack Securlet. We worked with the client to go through all of the Slack Securlet prerequisites listed in the Slack tech doc below.
https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/securlets-home/slack-securlet-intro/slack-securlet-prereqs.html
After that, we started seeing some informational activities and events, but still no policy violations were triggered at all.
The client also had some Sandbox DLP Enforce maintenance and corporate network maintenance going on at the time.
One of these maintenance activities caused the Cloud Connector in DLP Enforce to lose connectivity to CDS, and through it to CASB.
As a result, no Application Detector or policy changes were reaching CloudSOC.
Resyncing the DLP Enforce Cloud Connector got some policies working again, but not all of them.
Deeper analysis revealed that the client also had custom DLP Enforce Data Identifiers (DIs) that needed rebuilding.
Re-installing some default DIs in DLP Enforce proved to the client that the remaining issues were within the custom DIs.
The same DLP Enforce policies that had been using custom DIs worked fine once they were changed to use default DIs.