The SEDR Appliance will not send email alerts if any of the accounts configured have an invalid email address

Article ID: 170405

Products

Endpoint Detection and Response, Advanced Threat Protection Platform

Issue/Introduction

You have set up multiple accounts on the Advanced Threat Protection or Symantec Endpoint Detection and Response appliance and checked the box to receive alert emails, but no emails are received even though Incidents are being generated.

Cause

When setting up the account information on ATP, you have to provide a correct and valid e-mail address for any account that you select to receive alert emails. If the mail server rejects any of the recipient email addresses, the ATP software will abort the email and nothing will be sent.

Resolution

You will need to review each user account on the Settings -> Users screen and verify the email address of every account where 'Receive email notification when incidents occur' is checked. Also validate that the configured SMTP server will allow the appliance to relay for the email domains provided, if they are not local to that SMTP server.
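One way to find which address the mail server is refusing, as an added example that is not part of the original article or of the appliance software: it opens an SMTP transaction, offers each recipient with RCPT TO, records every refusal, and resets before any message is sent. The host, sender, recipient addresses, reply texts and the `ConstructedRelay` stand-in are all constructed for illustration.

```python
import smtplib

def find_rejected_recipients(smtp, sender, recipients):
    """Return {address: (code, reply)} for each recipient the relay refuses.

    smtp is an smtplib.SMTP-style object that has already done EHLO
    (plus STARTTLS and login if the relay requires them). No message is sent.
    """
    code, reply = smtp.mail(sender)
    if code != 250:
        raise RuntimeError(f"MAIL FROM refused: {code} {reply!r}")
    rejected = {}
    for rcpt in recipients:
        code, reply = smtp.rcpt(rcpt)
        if code not in (250, 251):  # 250/251 are the only "accepted" replies
            rejected[rcpt] = (code, reply.decode(errors="replace"))
    smtp.rset()  # abandon the transaction before DATA
    return rejected

def check_relay(host, sender, recipients, port=25):
    """Run the same check against a real relay (host is supplied by the caller)."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.ehlo()
        return find_rejected_recipients(smtp, sender, recipients)

class ConstructedRelay:
    """Constructed stand-in for a relay: local domain only, one known mailbox."""
    LOCAL_DOMAIN = "corp.example"
    MAILBOXES = {"soc@corp.example"}

    def mail(self, sender):
        return 250, b"2.1.0 Ok"

    def rcpt(self, rcpt):
        if not rcpt.endswith("@" + self.LOCAL_DOMAIN):
            return 554, b"5.7.1 Relay access denied"  # non-local domain
        if rcpt not in self.MAILBOXES:
            return 550, b"5.1.1 User unknown"  # mistyped or stale address
        return 250, b"2.1.5 Ok"

    def rset(self):
        return 250, b"2.0.0 Ok"

def demo():
    # Constructed list standing in for the accounts on Settings -> Users.
    recipients = ["soc@corp.example", "analsyt@corp.example", "oncall@partner.example"]
    return find_rejected_recipients(ConstructedRelay(), "sedr@corp.example", recipients)

if __name__ == "__main__":
    for address, (code, reply) in demo().items():
        print(f"{address}: {code} {reply}")
```

Any address this reports is enough, per the Cause above, to stop every alert email, so the result should be empty before notifications are expected to work.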