New RBAC options for managing Cloud Detection Server (CDS) as well as for viewing Cloud incidents


Article ID: 164376


Products

Data Loss Prevention Cloud Detection Service

Issue/Introduction

After a new Cloud Detector is added to Enforce as a Detection Server, no incidents are created, and not all configuration options are visible as expected (e.g., incidents specific to "cloud" should be listed separately as an incident category).

Yet it is confirmed that content is successfully being uploaded to the Elastica CloudSOC.

Cause

In DLP 14.6 and above, there are new Role-Based Access Controls (RBAC) for managing a Cloud Detection Server (CDS).

There are also new controls required for viewing cloud incidents.
Also, Cloud Connectors have additional configuration options to ensure that existing Policy Groups are assigned to Cloud Connectors for inspection of content that is being pushed to the Elastica CASB.

Environment

Newly added DLP Cloud Detector that has been successfully registered and enrolled with Elastica CASB CloudSOC.

  • In DLP 14.6 versions, the server which connects to the CASB CloudSOC is called the Cloud Service Connector
  • In DLP 15.0, this service and its associated product were renamed to the Cloud Detection Service. It is the same service, but with updated features

Resolution

For DLP 15.0 and higher versions

Log in as Administrator and go to Login Management > Roles.

  1. For each role required to view incidents from cloud services, be sure the following are selected in the General tab:
    • For Cloud Service for Email, the User Role needs to have permissions to view Network Incidents
    • For Cloud Detection Service, the User Role needs to have permissions to view Application Incidents
  2. For each role required to manage the assignment of policies to Application Detectors, be sure the following are selected in the Policy Management tab:
    • Under Privileges, select Application Detection Control

In addition, adding an "App Detection" configuration is required for Cloud Detection Servers to receive policies:

  • Under Manage > Application Detection, privileged users can select specific Policy Groups so that they are actually synced with the CDS.

For DLP 14.6 MP3 and earlier versions

Log in as Administrator. The User Role needs to have permissions to view Cloud incidents and Cloud Connectors.

  1. For each role required to view incidents from cloud services, be sure the following are selected in the General tab:
    • For all Cloud Services, the User Role needs to have permissions to view Cloud Incidents
  2. For each role required to manage the assignment of policies to Application Detectors, be sure the following are selected in the Policy Management tab:
    • Under Privileges, select Manage Cloud Connectors

In version 14.6, adding a separate "Cloud Connector" configuration is not required for Cloud Service Connectors to receive policies, as the Default configuration will suffice.