Client reported: "We are getting a lot of Content Quarantine Action Failed for DLP Enforce CloudSOC Salesforce Securlet policy."
In this instance it is happening within two different Salesforce Accounts, All Users, All files uploaded which violate PII or PCI policies in DLP Enforce.
During Log review - CASB Support did NOT see evidence of any coding type errors. Policy appears to be syncing successfully with CloudSOC and API communicating with Salesforce.
We found files identified as matching DLP Enforce policy / CI filter, and after multiple retries, CloudSOC Securlet Rest API failing to quarantine them.
In this case Admin User was receiving an Alert and deleting the file before quarantine action could complete via Rest API