Files are created in the outgoing folder on the Discover scanner but no incidents show up in the Enforce UI

search cancel

Files are created in the outgoing folder on the Discover scanner but no incidents show up in the Enforce UI

book

Article ID: 160445

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

Files are created within the Job0 folder and incidents are being created within the outgoing folder. Once scanning is cancelled using CTRL+C, there will be no incidents showing in the UI.

Resolution

Relevant Versions: 8.0 and up

Scenario:

The Discover Scanner creates files within the Job0 folder and incidents are being created within the outgoing folder. Once the scanning is killed via CTRL+C, then you go to the UI and hit the start, none of the incidents are shown in the UI.

Cause/Resolution:

The files in the outgoing folder on the Discover Scanner are batches of messages. They are not yet regarded as incidents.

If you start the scanner as-is, it will clean out all the working directories (deleting everything in /outgoing). If you set it to incremental (in the scannercontroller.properties file) and then start the scanner, it will continue processing the files in /outgoing.

If there are incidents, they should be pushed to the Enforce server by the Discover Server.

Feedback

thumb_up Yes

thumb_down No