When viewing the event detail page for a Data In Motion (DIM) incident in the Information Centric Analytics (ICA) Risk Fabric console, you observe that the list of incidents and policies under the Other Policies Violated by Message heading is empty or incomplete despite evidence in the Symantec Data Loss Prevention (DLP) Enforce console showing other policies were violated by the same message.

Release : 6.x

Component : Symantec Data Loss Prevention Integration Pack, Policies

This condition can occur when one or more policies are disabled within ICA. ICA does not import incidents generated against disabled policies.

In the Risk Fabric console, navigate to Admin > Settings > Policy and enable the policy or policies in question. After enabling a policy, navigate to Admin > Settings > Data In Motion, locate the policy in the list of policies under the Policies heading, click the gear icon to the right of the policy, and select the option to Reingest Incidents. Repeat this process for each affected policy.

Note that this solution is only available in ICA 6.7; earlier versions do not feature the Reingest Incidents feature.

When either integrating a DLP data source for the first time or editing an existing DLP data source's configuration, you are presented the option to set the default import behavior for policies with the setting Enable Imported Policies. If this setting is not enabled, new policies created in DLP will be disabled in ICA by default. If you wish to enable a new policy, navigate to Admin > Settings > Policy, edit the ICA policy of the same name, and enable the new DLP policy.