Changes made to incident statuses in the Risk Fabric console are not reflected in the Enforce console.

Version : 6.x

Component : Symantec DLP Integration Pack

The Enforce console is missing one or more custom attributes required for writeback from Information Centric Analytics (ICA).

In addition to ensuring the API account specified in the DLP integration has sufficient privileges in the Enforce REST API, the Configuring Symantec DLP Data Source Connections section of the Symantec ICA Administrator Guide should be followed closely when creating the integration with DLP to ensure that all required custom attributes exist in the Symantec DLP Enforce console.

When writeback fails because one or more required custom attributes are missing from Enforce, the following error message is captured in the RiskFabric relational database table dbo.ActivityLog:

UpdateIncidents status code: VALIDATION_ERROR

The Risk Fabric server log will also capture the following error message:

[192:ERROR] DlpIncidentRemediation.<DLPIncidentRemediationProcess>b__2() DLPWriteback for DIMRemediationSetID=<ID> failed on LinkedServer <LinkedServer-ID>. the set will not be retried. Now continue on to next remediation set on this LinkedServer.

The server log file is named w3wp_RiskFabric.<yyyyMMdd>.log and is located on the application (IIS) host server in the following path: %SystemDrive%\ProgramData\BayDynamics\Logs