Event remediation actions taken in the Information Centric Analytics (ICA) console for Data In Motion (DIM) incidents from Symantec Data Loss Prevention (DLP) are not updated in the Enforce console. The RiskFabric server log (w3wp_RiskFabric.<yyyyMMdd>.log) captures errors similar to the following:
Error getting DLP Incident: Error calling incidentDetail for source incident [<n>] - exception: There was no endpoint listening at https://<Enforce hostname>/ProtectManager/services/v2011/incidents that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
Release : 6.x
Component : Symantec DLP Integration Pack
This can be caused by any of the following conditions:
To resolve this error, confirm the correct Enforce server name or IP address is specified in the Symantec DLP integration; ensure the correct API type is in use (DLP 15.x uses SOAP, 16.x uses REST); and ensure communications between the ICA and Enforce servers are not blocked by firewall rules or policies.