I am using Symantec DLP product to import DLP event to other syslog server such as SIEM product. Now I meet a problem that the message created in symantec DLP can not be transferred to the syslog server.
I configure a response rule to send this DLP message to syslog server.
And I configure a policy to use this response rule, and trigger an incident by this policy. But this message is not transferred to the syslog server. The history of the incident is as follow:
You can see that the incident data is discarded by Network_Discover server.
So, anyone can help to fix this problem? Any suggestions? Thaks a lot!