Expected behavior of Enforce REST API-based functions in the Risk Fabric console

Article ID: 405278


Products

Information Centric Analytics

Issue/Introduction

API-based functions within the Information Centric Analytics (ICA) Risk Fabric console do not prompt users for Enforce credentials. Examples include clicking the View In DLP button, clicking the View DIM Payload button, clicking the Open Original Message link within the View DIM Payload window, and clicking the Download link under Related Information.

Environment

Release: 6.x

Component: Symantec Data Loss Prevention Integration Pack

Resolution

ICA's View in DLP and View DIM Payload features connect to Enforce using the credentials of the REST API account configured in the DLP integration. They do not use the credentials of the user logged in to ICA's Risk Fabric console, nor the credentials of any active browser session that user might have open with Enforce.

Beginning with version 16.0 MP1 (16.0.0.1), DLP added Cross-Site Request Forgery (CSRF) protection for certain Enforce URLs. This broke ICA’s deep linking into DLP to download original messages for network incidents. Broadcom created a hotfix (HF2) for ICA 6.6 MP1 to address this, and that code is included in all subsequent releases. Refer to knowledgebase article CSRF Protection Failure.