When using Synapse with the Email Security.cloud correlation feature, you see Cloud Error showing as the status for this feature.
The Health Status may also show the message, "Synapse Email correlation is malfunctioning: please call support"
This is indicating that the ATP Manager is unable to obtain the Email events from datafeedapi.symantec.com.
To check for a known issue with the cloud infrastructure, log in to identity.symanteccloud.com and navigate to System Alerts
If the cloud portal shows a System Alert related to the API is in place, wait until the Alert ends before continuing.
To check ATP's ability to reach the Symantec servers, at the ATP command line interface (CLI), type: status_check
If output from status_check shows that datafeedapi.symantec.com is NOT reachable, and other Symantec servers that are NOT reachable, check the firewall or proxy configuration against the ports and urls document, here:
If output from status_check shows that datafeedapi.symantec.com is NOT reachable, and it is the only Symantec server that is NOT reachable, and there is no proxy where ATP is deployed, to test the firewall port, type: tcp_check datafeedapi.symanteccloud.com 443
If output from tcp_check does not show CONNECTED, ATP does not have access to TCP port 443 for datafeedapi.symanteccloud.com. Please resolve before continuing.
If output from tcp_check shows CONNECTED, ATP has port access, but an upstream device is changing the certificate used to secure the TLS1.2 communication of datafeedapi.symanteccloud.com. ATP knows the digital certificate of this individual server and will disconnect when it receives a substitute or alteration to this certificate to prevent attackers from gaining user data using a Man In The Middle attack against the organization it protects. Please configure intervening proxy, firewall, or other network devices to permit TLS traffic between ATP and datafeedapi.symantec.com to pass without alteration.
If the triage steps above do not appear to point to a solution, at the ATP CLI, type "gather_logs" to upload logs to the ATP Telemetry server, then open a case with Symantec Technical Support.
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.