Error accessing REST API and DIM writeback does not update incidents in Enforce

Article ID: 441917


Products

Information Centric Analytics

Issue/Introduction

After upgrading Symantec Data Loss Prevention (DLP) to version 16.1 or later, the View DIM Payload button stops working in the Risk Fabric console. Clicking the button loads the Data Details window, but displays the following message:

Error accessing REST API

Additionally, writeback does not update incident statuses in Enforce.

Errors similar to the following are captured in the RiskFabric server log (w3wp_RiskFabric.<yyyyMMdd>.log):

[110:ERROR] LogUtils.LogActivity() An exception was thrown by _UpdateIncidents while processing remediation set DIMRemediationSetID=<ID> for DLP Writeback on LinkedServer <ID>. Abort all processing for all LinkedServers.
System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
   at BayDynamics.SymantecDLP.Rest.DlpConnection.UpdateIncidents(IncidentBatchUpdate batch)
   at RiskFabric.Web.Library.DIM.DLP.DlpIncidentRemediation._IncidentUpdate(IDlpConnection dlpConnection, XElement incidentInfo, Int32 batchcount, List`1[] batches, Int32 SetID, Int32 linkedServerID, Action onWritebackSuccess, Action onWritebackPartialSuccess, Action onWritebackError)
   at RiskFabric.Web.Library.DIM.DLP.DlpIncidentRemediation.DLPIncidentRemediationProcess()

The server log is located in the following path on the server hosting Internet Information Services (IIS) and the RiskFabric web application:

%ProgramData%\BayDynamics\Logs\

Environment

Release : 6.x

Component : Symantec Data Loss Prevention Integration Pack

Cause

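Beginning with DLP 16.1, the TLS 1.2 protocol is disabled and TLS 1.3 is set as the default. As of version 6.7, Information Centric Analytics (ICA) supports only TLS 1.2. With no protocol version in common, the TLS handshake between ICA and the Enforce REST API fails, which appears in the log as "Could not create SSL/TLS secure channel".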

Resolution

As a workaround, modify the Enforce server's Tomcat server.xml file to re-enable the TLS 1.2 protocol. This file is located in the following default path:

%SystemDrive%\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\tomcat\conf

Add the following attribute to the SSLHostConfig element:

protocols="TLSv1.3, TLSv1.2"

For example:

<SSLHostConfig certificateVerification="none" revocationEnabled="false" sslProtocol="TLS" protocols="TLSv1.3, TLSv1.2" truststoreFile="${catalina.base}/conf/truststore.jks" 

NOTE: This is not a complete line entry and is provided as an example only.

After making this change, save the file and restart the Symantec DLP Manager service. This will enable the Enforce console and REST API to negotiate connections using TLS 1.2.
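
One way to confirm the change took effect, as an added example that is not part of the original article or any vendor tooling: the PowerShell below lists the protocols attribute of each SSLHostConfig element in a server.xml and, from the ICA/IIS server, attempts a handshake restricted to TLS 1.2. The function names, the sample XML and its port numbers are constructed for illustration, and the host, port and file path in the commented calls are placeholders.

```powershell
# Constructed sample, not the real Enforce server.xml; ports are illustrative.
$sampleXml = @'
<Server>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true">
      <SSLHostConfig sslProtocol="TLS" protocols="TLSv1.3, TLSv1.2" />
    </Connector>
    <Connector port="8443" SSLEnabled="true">
      <SSLHostConfig sslProtocol="TLS" protocols="TLSv1.3" />
    </Connector>
  </Service>
</Server>
'@

function Get-SslHostConfigProtocols {
    param([Parameter(Mandatory)][xml]$ServerXml)
    foreach ($node in $ServerXml.SelectNodes('//Connector/SSLHostConfig')) {
        # Comma-separated list; only an explicit TLSv1.2 entry is counted here.
        $raw = $node.GetAttribute('protocols')
        $tokens = @($raw -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        [pscustomobject]@{
            ConnectorPort = $node.ParentNode.GetAttribute('port')
            Protocols     = $raw
            Tls12Listed   = ($tokens -contains 'TLSv1.2') -or ($tokens -contains '+TLSv1.2')
        }
    }
}

function Test-Tls12Handshake {
    param([Parameter(Mandatory)][string]$HostName, [Parameter(Mandatory)][int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate: this probe checks protocol negotiation only, not trust.
        $cb = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $ssl.SslProtocol   # Tls12 when the server accepts a TLS 1.2-only client
    } catch {
        "TLS 1.2 handshake failed: $($_.Exception.Message)"
    } finally {
        $client.Close()
    }
}

Get-SslHostConfigProtocols -ServerXml $sampleXml | Format-Table -AutoSize
# Against a real system (placeholder values):
# Get-SslHostConfigProtocols -ServerXml (Get-Content -Raw '<path to server.xml>')
# Test-Tls12Handshake -HostName '<enforce-host>' -Port <port>
```

A connector whose SSLHostConfig still shows Tls12Listed as False, or a handshake failure after the service restart, indicates the edit did not reach the connector that ICA is calling.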