Incident writeback fails after upgrading DLP to 16.0 RU1
search cancel

Incident writeback fails after upgrading DLP to 16.0 RU1


Article ID: 274469


Updated On:


Information Centric Analytics Data Loss Prevention Core Package


After upgrading Symantec Data Loss Prevention (DLP) to version 16.0 RU1 (16.0.1), writeback from Information Centric Analytics (ICA) fails and logs the following error in the RiskFabric server log on the ICA application server (w3wp_RiskFabric.<yyyyMMdd>.log):

[31:ERROR] RestApiClient.GetResponse() PATCH /ProtectManager/webservices/v2/incidents ProtocolError BadRequest 400
System.Net.WebException: The remote server returned an error: (400) Bad Request.
   at System.Net.HttpWebRequest.GetResponse()
   at BayDynamics.SymantecDLP.Rest.RestApiClient.<>c_DisplayClass4_0.<GetResponse>b_0()
   at BayDynamics.SymantecDLP.Common.ApiCallWrapper.Execute(Action fMethod, String securityProtocolType, Nullable`1 allowInvalidServerCertificate)
   at BayDynamics.SymantecDLP.Rest.RestApiClient.GetResponse(HttpWebRequest webRequest, String requestBody, Action`1 fProcessStream)
[31:ERROR] RestApiClient.GetResponse() Response {"status":400,"message":"REST API request validation failed.","i18nKey":

Unknown macro: {"i18nKey"}
,"detailedMessages":["Text '2023-09-14T20:11:48.6241989Z' could not be parsed, unparsed text found at index 23"],"detailedMessagesI18nKeys":[]}


Release : 6.6.0, 6.6.1

Component : Symantec DLP Integration Pack


The timestamp format used by the DLP REST API for incident notes was changed with RU1 to conform to the ISO 8601 standard.


A hotfix (HF1) has been released for ICA 6.6 MP1 (6.6.1) to resolve the incompatibility created by the timestamp format change in DLP 16.0 RU1. ICA 6.6 MP1 HF1 is available for download from the Broadcom Support portal.