Email released from Quarantine outbound Exploit Incident is generated by SEDR Appliance incorrectly

Article ID: 252630

Products

Endpoint Detection and Response

Issue/Introduction

If you have enabled ESS Synapse integration with Email Security.Cloud, the SEDR Appliance incorrectly generates "Email released from Quarantine" outbound Exploit Incidents based on 4125 events.

Cause

Converting UTF-8 multi-byte characters caused a parse error when translating the data retrieved from ESS into the event JSON format. When a 4125 event arrived with fields missing as a result, the existing logic mistakenly treated the absent fields as a trigger and raised an Incident.
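The following is an added illustration of the failure mode described above, not Symantec/Broadcom code: a parser that cannot handle multi-byte UTF-8 swallows the error and returns an event with missing fields, and incident logic that tests fields with "not equal" comparisons then treats the empty event as a positive match. The event schema (field names such as "direction", "action" and "verdict") and the matching conditions are constructed assumptions, not the real 4125 event format or SEDR logic.

```python
# Added example (not SEDR/ESS code). Field names and conditions are assumptions.
import json
from typing import Optional

# Constructed ESS record: valid UTF-8 with a multi-byte character ("é") in the
# sender display name. The field names are invented for this illustration.
RAW_ESS_RECORD = (b'{"event_id": 4125, "direction": "outbound", "action": "released", '
                  b'"verdict": "malware", "sender": "Ren\xc3\xa9 <r@example.test>"}')

REQUIRED_FIELDS = ("event_id", "direction", "action", "verdict")


def parse_event_fragile(raw: bytes) -> dict:
    """Parser that cannot handle multi-byte characters and swallows the error,
    handing back an event with every field missing (the pre-fix failure mode)."""
    try:
        return json.loads(raw.decode("ascii"))  # raises on the 0xC3 0xA9 bytes
    except (UnicodeDecodeError, json.JSONDecodeError):
        return {}


def parse_event(raw: bytes) -> Optional[dict]:
    """Strict UTF-8 decode; returns None rather than a partial event on failure."""
    try:
        return json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return None


def is_incident_buggy(event: dict) -> bool:
    """Absence is treated as a match: a missing 'action' is 'not quarantined',
    so an empty event looks like a released outbound exploit."""
    return (event.get("event_id", 4125) == 4125
            and event.get("direction") != "inbound"
            and event.get("action") != "quarantined"
            and event.get("verdict") != "clean")


def is_incident(event: Optional[dict]) -> bool:
    """Fail closed: every required field must be present before the positive
    conditions are evaluated, and a parse failure never creates an incident."""
    if event is None or any(f not in event for f in REQUIRED_FIELDS):
        return False
    return (event["event_id"] == 4125
            and event["direction"] == "outbound"
            and event["action"] == "released"
            and event["verdict"] != "clean")
```

The fragile parser plus the negative-comparison check produces the spurious incident; strict decoding plus required-field validation keeps the real incident and drops the empty one.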

Resolution

This issue is resolved in SEDR 4.7.