"Custom Attribute lookup failed" error seen on Application incidents in DLP
search cancel

"Custom Attribute lookup failed" error seen on Application incidents in DLP

book

Article ID: 410399

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Data Loss Prevention Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Detection Service Data Loss Prevention Enforce

Issue/Introduction

For Application incidents in DLP (generated by a REST Cloud Detection Server integrated with CASB), Custom Attribute lookup doesn't work, neither automatic nor manual. The same lookup works for other types of incidents. 

When trying to run a manual lookup on an Application/REST incident, an error "Custom Attribute lookup failed" is displayed on a red banner. 

Environment

DLP version 16.1 or earlier. 

Cause

The localhost logs collected from Enforce contain the following or similar exception around the time of the failed Custom Attribute lookup:

[com.symantec.dlp.incidentwebapi.IncidentApiRestErrorHandler] Index: 0, Size: 0|java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
    at java.util.ArrayList.rangeCheck(ArrayList.java:659)
    at java.util.ArrayList.get(ArrayList.java:435)
    at com.symantec.dlp.incidentdomainservices.workflow.attributes.LookupParameterCollector$IncidentData.loadRMISharedWith(LookupParameterCollector.java:262)
    at com.symantec.dlp.incidentdomainservices.workflow.attributes.LookupParameterCollector$IncidentData.getRMISharedWith(LookupParameterCollector.java:241)
    at com.symantec.dlp.incidentdomainservices.workflow.attributes.LookupParameterCollector$RestParameterGroup.addParameters(LookupParameterCollector.java:537)
    at com.symantec.dlp.incidentdomainservices.workflow.attributes.LookupParameterCollector.addParameters(LookupParameterCollector.java:120)
    at com.symantec.dlp.incidentdomainservices.workflow.attributes.CustomAttributeLookup.lookup(CustomAttributeLookup.java:341)
    at com.symantec.dlp.incidentdomainservices.workflow.attributes.CustomAttributeLookup.lookupAndSave(CustomAttributeLookup.java:451)
    at com.symantec.dlp.incidentdomainservices.action.LookupCustomAttributesService.lookupIncident(LookupCustomAttributesService.java:236)
    at com.symantec.dlp.incidentdomainservices.action.LookupCustomAttributesService$$FastClassBySpringCGLIB$$6198caac.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:792)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:762)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:123)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:388)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:119)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:762)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:707)
    at com.symantec.dlp.incidentdomainservices.action.LookupCustomAttributesService$$EnhancerBySpringCGLIB$$cd0322e9.lookupIncident(<generated>)
    at com.symantec.dlp.incidentwebapi.resources.IncidentUpdateController.lookupIncidentId(IncidentUpdateController.java:132)
    at com.symantec.dlp.incidentwebapi.resources.IncidentUpdateController$$FastClassBySpringCGLIB$$2d546d0d.invoke(<generated>)

This means the Custom Attribute lookup failure is caused by a defect in DLP 16.1 and earlier. The cause of the failure is that the REST incidents are missing a specific value, which leads to the exception and lookup failure.

Resolution

DLP 25.1 includes a permanent fix. This is referred in the 25.1 Fixed Issues documentation page:

Fixed Issues in 25.1

CRE-19640 - Custom attribute lookups are now successful for REST-based incidents that do not contain a certain value (RestMessageSharedWith). The fix ensures that if this value is missing, the Enforce Server manager does not throw an exception.

There is no workaround for this issue and the only solution is to upgrade DLP to 25.1. 

Powered by Wolken Software