In our Sandbox CASB tenant the Slack Securlet is not generating expected events & activities, nor triggering DLP Enforce Policy Violations
Client had reactivated Slack Securlet recently. Worked with Client to go through all Slack Securlet pre-requisites listed in the Slack Tech Doc below.
After that we started seeing some informational activities and events but still no policy violations were triggered at all
Client had some Sandbox DLP Enforce maintenance and Corporate network maintenance going on at the time as well.
One of these maintenance activities caused the Cloud Connector in DLP Enforce to lose connectivity to CDS to CASB.
So no Application Detector / policy changes were getting over to CloudSOC
Resyncing DLP Enforce Cloud Connector helped some policies begin to work but not all of them.
Deeper Analysis revealed that client also had Custom DLP Enforce Data Identifiers (DIs) which needed rebuilding.
Re-installing some default Data Identifiers (DIs) in DLP Enforce proved to Client that remaining issues were within the Custom DIs
Same DLP Enforce Policies that were using Custom DIs, changed to use default DIs, worked fine.