Excessive Profile Indexing May Prevent Cloud Detection Service (CDS) from Detecting EDM or IDM Incidents Accurately
search cancel

Excessive Profile Indexing May Prevent Cloud Detection Service (CDS) from Detecting EDM or IDM Incidents Accurately

book

Article ID: 388669

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Service for Email Data Loss Prevention

Issue/Introduction

When testing CDS for Email or ICAP, I am not receiving the incidents I am expecting when using EDM or IDM rules.

Environment

DLP 16.x

Cause

Loading and unloading EDM and IDM profiles excessively may impact detection performance. This may look like missed matches within incident reports or false negatives detections.

Resolution

Increase the minimum indexing schedule from 1 minute to 20 - 60 minutes to allow time for transfer, unload and loading of new profile data.

 

Powered by Wolken Software