Data Loss Prevention

  • 1.  corrupted incident

    Trusted Advisor
    Posted Jul 26, 2013 10:46 AM

    Hello,

    Sometimes we receive event code 1802, which is linked to "Corrupted incident received", and a .bad file is generated on the Enforce server.

    Is there any common reason for such a message, and how can we use the .bad file to reprocess or insert these incidents in DLP?

     Regards



  • 2.  RE: corrupted incident

    Broadcom Employee
    Posted Jul 28, 2013 09:50 AM

    There are several causes of corrupted incidents, but by far the most common is the lack of sufficient tablespace to store incidents in the Oracle database. In this case, incidents from all detection servers will generate the "corrupted incident received" error.

    So, you can check the usage of your tablespace first.



  • 3.  RE: corrupted incident
    Best Answer

    Broadcom Employee
    Posted Jul 28, 2013 10:00 AM

    Check this article:

    Article ID: 54212



  • 4.  RE: corrupted incident

    Trusted Advisor
    Posted Jul 29, 2013 05:05 AM

    Thanks.

    We have no issue with the DB, and all our corrupted incidents came from the same network monitor, so I think it is related to network issues. We will investigate more on this point.



  • 5.  RE: corrupted incident

    Broadcom Employee
    Posted Jul 31, 2013 12:37 PM

    Stephane,

    If you have a support contract, open up a ticket. We can analyse a packet capture from this server and let you know if the SPAN/TAP port is misconfigured (duplicate traffic, jumbo packets, dropped packets, etc.).

     

    Best,

    Ryan



  • 6.  RE: corrupted incident

    Posted Aug 05, 2013 03:23 AM

    Hi Pete,

    Do you have the link address for this?

    Thank you



  • 7.  RE: corrupted incident

    Broadcom Employee
    Posted Aug 05, 2013 03:26 AM

    https://kb-vontu.altiris.com/

    Search for the article ID after login.



  • 8.  RE: corrupted incident

    Posted Aug 05, 2013 04:18 AM

    Hi,

    Thank you, I will check this article.