Broadcom CloudOps Reports Connectivity Issues, Policy Alerts, or Instability with Cloud Detection Servers (CDS)
search cancel

Broadcom CloudOps Reports Connectivity Issues, Policy Alerts, or Instability with Cloud Detection Servers (CDS)

book

Article ID: 439191

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Package Data Loss Prevention Cloud Prevent for Microsoft Office 365 Data Loss Prevention Cloud Service for Discovery/Connector Data Loss Prevention Cloud Service for Email Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for API Detection Data Loss Prevention Cloud Detection Service for Endpoint Data Loss Prevention

Issue/Introduction

Symantec DLP Operations has identified that the policy catalog file is updated excessively (e.g., every minute) on Cloud Detectors. This frequency triggers policy alerts for the DLP Operations team.

This issue can be identified by checking the CDS activity windows on the Enforce console. If the system is affected, the "Configuration file delivery complete" event will appear at an unusually high frequency (e.g., every minute), indicating that the policy catalog and configuration files are being constantly rewritten.

 

 

Environment

DLP with Cloud Managed Detectors

Cause

This issue occurs when the Index Settings for a Directory Connection (LDAP) or Data Profile (EDM/IDM) are configured with an overly aggressive schedule (e.g., every 1 minute).

The underlying mechanism causing the issue is as follows:

  1. Every time a Directory Connection, IDM, or EDM is re-indexed, a new profile version is generated.

  2. This new version is automatically pushed to all enrolled Cloud Detection Servers.

  3. To accommodate the change, the CDS is forced to delete and rewrite its local policy catalog.

This excessive update frequency triggers unnecessary policy alerts for the DLP Operations team and causes severe performance issues on the Cloud Detectors:

  • Detection Impact: The continuous loading and unloading of new profiles interferes with regular scanning performance, which can lead to missed matches or false-negative detections.

  • Service Instability: The continuous rewriting of the local policy catalog overloads the system, leading to policy loading errors, system malfunctions, and overall service instability.

 

 

 

 

Resolution

To resolve this issue and stabilize the Cloud Detection Servers, adjust the indexing schedules to a more sustainable frequency:

  • Increase the minimum indexing schedule for IDM, EDM, and Directory Connections to at least 20–60 minutes (ideally 1 hour or Daily) to allow sufficient time for the transfer, unloading, and loading of new profile data.

  • Monitor the CDS Events (System > Servers and Detectors > Overview) to ensure that catalog file updates now correspond to the new, longer interval.

Additional Information

Related articles:

Excessive Profile Indexing May Prevent Cloud Detection Service (CDS) from Detecting EDM or IDM Incidents Accurately

EDM/IDM scheduling periods

Powered by Wolken Software