DLP Enforce Policy remediation MIP tagging through CASB data at rest fails
Article ID: 378078
Updated On:
Products
CASB Gateway Advanced
CASB Advanced Threat Protection
CASB Audit
CASB Gateway
CASB Security Advanced
CASB Security Advanced IAAS
CASB Security Premium
CASB Security Premium IAAS
CASB Security Standard
CASB Securlet IAAS
CASB Securlet SAAS
CASB Securlet SAAS With DLP-CDS
Issue/Introduction
Client has DLP Enforce and CloudSOC (CASB) for DAR (Securlet) policies.
DLP Enforce Policy with CASB response rule to label REST API One Drive files using MIP tagging is failing.
In CloudSOC Investigate and DLP Enforce seeing - Failed to tag filename XXXYYYZZZ.docx as "
Resolution
Client changed the response rule in the DLP Enforce CloudSOC MPIP policy to this format:
{"labelName":"Confidential", "justificationText":"DLP_RESPONSE_ACTION"}
Test file then added to OneDrive was successfully remediated (tagged with desired label) via O365 Securlet
Additional Information
Note: O365 REST API processing takes time and subject to API performance factors.
Usually takes 15 to 30 min in a very small 25 User test lab to apply a tag
Feedback
Yes
No
Powered by
