Original message attached to response rule notification is unreadable

book

Article ID: 159399

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

You have configured a response rule that sends an email notification and includes the original message (for SMTP incidents). When the notification arrives, the main message looks normal, but the attached original message is garbled and unreadable. You can read the original message normally in the incident detail page.

Resolution

If the original message is readable in the user interface (such as in the Incident Detail page), but unreadable in the SMTP notification, the issue is that the Incident Persister service was unable to decrypt the message before sending the notification. The original message is stored encrypted in the Oracle database, but in some cases, the encryption keys stored by the Incident Persister become out of date. The Manager service still has the correct keys, so you can still read the message in the user interface.

You can resolve this problem by recycling the services on the Enforce server; this will cause the services to refresh the keys automatically. After the services restart, any new notifications will have the correct original message attached.