ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Outbound Gmail traffic is captured but there is no data in the message body.
Article ID: 160277
Updated On:
Products
Data Loss Prevention Enforce
Issue/Introduction
Capturing valid outbound Gmail requires a keyword (msgbody) due to keepalive
Resolution
A policy looking at mail.google.com will be triggered by a keepalive that gmail sends every 6 minutes when left open. The keepalive contains a lot of data but no msgbody.
Add the keyword "msgbody" to the relevant policy. When you click on the "Message Body" section of the incident report, you should be able to view the message. If you search the "Message Body" section you should see values similar to : name: msgbody value: (body)
Feedback
Yes
No
Powered by
