The Manage Application Detection option is missing in your Enforce Server
search cancel

The Manage Application Detection option is missing in your Enforce Server

book

Article ID: 164376

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service for REST Data Loss Prevention Cloud Service for Email

Issue/Introduction

After a new Cloud Detector is added to the Enforce as a Detection Server, no incidents are being created, and it doesn't seem possible to view all configuration options as expected (e.g., incidents specific to "cloud" should be listed separately as an incident category).

Yet it is confirmed that content is successfully being uploaded - via the Elastica CloudSOC, for example

 

Environment

Newly added DLP Cloud Detector that has been successfully registered and enrolled with Elastica CASB CloudSOC.

The Cloud Detection Service covers all associated components such as CDS for CASB, CDS for Email, and CDS for WSS (aka Cloud SWG)

Cause

In the Enforce Server there are certain Role-Based Access Controls (RBAC) for managing the configuration of a Cloud Detection Server (CDS).

There are also new controls required for viewing cloud incidents.
Also, Cloud Detectors have additional configuration options to ensure that existing Policy Groups are assigned to Cloud Detectors for inspection of content that is being pushed to the CASB CloudSOC.

Resolution

Login to the Enforce Server as Administrator, go to Login Management > Roles

  1. For each role required to view incidents from cloud services, be sure the following are selected in the General tab:
    • For CDS for Email and the CDS for WSS, the User Role needs to have permissions to view Network Incidents
    • For CDS for CASB, the User Role needs to have permissions to view Application Incidents
  2. For each role required to manage the assignment of policies to CASB applications*, be sure the following is selected in the Policy Management tab:
    • Under Privileges, select Application Detection Control.

*The application detection configuration is required for CDS for CASB to receive policies:

  • Under Manage > Application Detection, privileged users can select specific Policy Groups in order for them to actually be synced with the CDS.