After upgrading Symantec Data Loss Prevention (DLP) to version 16.0 RU1 (16.0.1), writeback from Information Centric Analytics (ICA) fails and logs the following error in the RiskFabric server log on the ICA application server (w3wp_RiskFabric.<yyyyMMdd>.log):

[31:ERROR] RestApiClient.GetResponse() PATCH /ProtectManager/webservices/v2/incidents ProtocolError BadRequest 400
System.Net.WebException: The remote server returned an error: (400) Bad Request.
   at System.Net.HttpWebRequest.GetResponse()
   at BayDynamics.SymantecDLP.Rest.RestApiClient.<>c_DisplayClass4_0.<GetResponse>b_0()
   at BayDynamics.SymantecDLP.Common.ApiCallWrapper.Execute(Action fMethod, String securityProtocolType, Nullable`1 allowInvalidServerCertificate)
   at BayDynamics.SymantecDLP.Rest.RestApiClient.GetResponse(HttpWebRequest webRequest, String requestBody, Action`1 fProcessStream)
[31:ERROR] RestApiClient.GetResponse() Response {"status":400,"message":"REST API request validation failed.","i18nKey":

Unknown macro: {"i18nKey"}
,"detailedMessages":["Text '2023-09-14T20:11:48.6241989Z' could not be parsed, unparsed text found at index 23"],"detailedMessagesI18nKeys":[]}

Release : 6.6.0, 6.6.1

Component : Symantec DLP Integration Pack

The timestamp format used by the DLP REST API for incident notes was changed with RU1 to conform to the ISO 8601 standard.

A hotfix (HF1) has been released for ICA 6.6 MP1 (6.6.1) to resolve the incompatibility created by the timestamp format change in DLP 16.0 RU1. ICA 6.6 MP1 HF1 is available for download from the Broadcom Support portal.