Symantec Cloud SWG data missing from the Risk Fabric console post-integration

Article ID: 398979

Products

Information Centric Analytics

Issue/Introduction

The Symantec Cloud SWG Import Utility runs and completes successfully and the SymantecCloudSWGDW database contains imported data, but evidence of these records isn't visible anywhere in the Risk Fabric console.

Environment

Version: 6.x

Component: Symantec Cloud SWG Import Utility

Cause

Customers who use SAML authentication with Symantec Cloud SWG (formerly WSS) can let users authenticate with an e-mail identifier instead of an Active Directory (AD) account. Events generated this way are imported into ICA with the [cs-userdn] identifier in the format <user>@<domain>.<tld> rather than the expected <domain>\<account_name>. The function fnGetUserFromDomainUser does not handle this format, so Cloud SWG events are not mapped to users during processing.
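To confirm that this cause applies, the proportion of events carrying e-mail-style identifiers can be measured from a sample of access log data. The Python below is an added example, not part of ICA or the import utility; it assumes a W3C ELFF-style export with a #Fields header, and the sample rows, patterns and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in ELFF layout (assumed export format); all values are invented.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-userdn cs-host sc-status
2024-01-01 10:00:00 10.0.0.5 "CORP\\jsmith" example.com 200
2024-01-01 10:00:01 10.0.0.6 "adoe@corp.example" example.org 200
2024-01-01 10:00:02 10.0.0.7 - example.net 403
2024-01-01 10:00:03 10.0.0.8 "Bob Lee@corp.example" example.com 200
"""

TOKEN = re.compile(r'"([^"]*)"|(\S+)')                   # quoted or bare ELFF value
DOWNLEVEL = re.compile(r"^[^\\@\s]+\\[^\\]+$")           # <domain>\<account_name>
EMAIL = re.compile(r"^[^@\\]+@[^@\s\\]+\.[^@\s\\.]+$")   # <user>@<domain>.<tld>

def split_elff(line):
    """Split one record, keeping quoted values (which may contain spaces) whole."""
    return [quoted or bare for quoted, bare in TOKEN.findall(line)]

def classify(userdn):
    """Label a cs-userdn value by the identifier format it uses."""
    if userdn in ("", "-"):
        return "unauthenticated"
    if DOWNLEVEL.match(userdn):
        return "domain_account"
    if EMAIL.match(userdn):
        return "email"
    return "other"

def summarize(log_text, field="cs-userdn"):
    """Count identifier formats, locating the column from the #Fields header."""
    counts, idx = Counter(), None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            idx = line.split()[1:].index(field)  # ValueError if the field is absent
            continue
        if not line.strip() or line.startswith("#") or idx is None:
            continue
        cols = split_elff(line)
        counts[classify(cols[idx]) if idx < len(cols) else "malformed"] += 1
    return counts

if __name__ == "__main__":
    for label, n in summarize(SAMPLE_LOG).most_common():
        print(f"{label}: {n}")
```

A high "email" count relative to "domain_account" indicates the events that are left unmapped as described above.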

Resolution

An update to properly process Cloud SWG events that are associated with e-mail identifiers will be included in the 6.7 MP1 release.