Email released from Quarantine outbound Exploit Incident is generated by SEDR Appliance incorrectly

Article ID: 252630

Products

Endpoint Detection and Response

Issue/Introduction

If the ESS Synapse integration with Email Security.cloud is enabled, the SEDR Appliance incorrectly generates "Email released from Quarantine outbound Exploit" Incidents based on 4125 events.

Cause

Converting the data retrieved from ESS into the event JSON format failed on UTF-8 multi-byte characters, producing a parse error. A 4125 event that arrived with fields missing as a result was mistaken for a trigger by the existing logic, which generated the Incident.
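As an added illustration of the failure mode described above (this is example code, not SEDR's or ESS's own; the field names, the length-prefixed framing and the incident rule are assumptions made for the example), the Python below shows how a character-count versus byte-count mix-up on multi-byte UTF-8 truncates a record so that it no longer parses, how a lenient parser then hands the rule a record with every field missing, and how a rule written as negative checks treats that empty record as an outbound exploit release. The strict parser and positive-match rule beside them do not raise an Incident on an incomplete record.

```python
import json
from typing import Callable, Optional

# Constructed sample records for a hypothetical 4125 event. Field names and
# values are assumptions for this example, not the ESS or SEDR schema. The
# subject contains two multi-byte UTF-8 characters ("é" is 0xC3 0xA9), so the
# text is two characters shorter than its UTF-8 encoding.
BENIGN_4125 = ('{"event_id": 4125, "direction": "outbound", '
               '"action": "released_from_quarantine", '
               '"verdict": "clean", "subject": "Rapport détaillé"}')
EXPLOIT_4125 = BENIGN_4125.replace('"verdict": "clean"', '"verdict": "exploit"')


def frame_buggy(text: str) -> tuple[int, bytes]:
    """Announce the payload length in characters but send UTF-8 bytes.

    This is the character/byte mix-up: the declared length is short by one
    byte for every multi-byte character in the record.
    """
    return len(text), text.encode("utf-8")


def frame_fixed(text: str) -> tuple[int, bytes]:
    """Announce the length of the UTF-8 encoding, i.e. the bytes actually sent."""
    body = text.encode("utf-8")
    return len(body), body


def read_event_lenient(declared_len: int, body: bytes) -> dict:
    """Consume declared_len bytes; on any parse error fall back to an empty record.

    With the buggy framing the trailing '"}' is cut off, json.loads fails, and
    the caller receives a record with every field missing.
    """
    try:
        return json.loads(body[:declared_len].decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return {}


def read_event_strict(declared_len: int, body: bytes) -> Optional[dict]:
    """Consume declared_len bytes; signal failure with None, never a partial record."""
    try:
        return json.loads(body[:declared_len].decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return None


def is_trigger_buggy(event: dict) -> bool:
    """Rule written as negative checks: only explicitly benign values rule an
    Incident out, so a missing field passes every test and an empty record
    is treated as an outbound exploit release."""
    return event.get("direction") != "inbound" and event.get("verdict") != "clean"


REQUIRED_FIELDS = ("event_id", "direction", "action", "verdict")


def is_trigger_fixed(event: Optional[dict]) -> bool:
    """Rule written as positive matches on fields that must be present."""
    if event is None or any(k not in event for k in REQUIRED_FIELDS):
        return False  # incomplete record: never an Incident on its own
    return (event["event_id"] == 4125
            and event["direction"] == "outbound"
            and event["action"] == "released_from_quarantine"
            and event["verdict"] == "exploit")


def pipeline(framer: Callable, reader: Callable, rule: Callable, text: str) -> bool:
    """Run one record through framing, parsing and the Incident rule."""
    declared_len, body = framer(text)
    return rule(reader(declared_len, body))


if __name__ == "__main__":
    print("buggy frame + lenient parse + negative rule, benign record:",
          pipeline(frame_buggy, read_event_lenient, is_trigger_buggy, BENIGN_4125))
    print("fixed frame + strict parse + positive rule, benign record:",
          pipeline(frame_fixed, read_event_strict, is_trigger_fixed, BENIGN_4125))
    print("fixed frame + strict parse + positive rule, exploit record:",
          pipeline(frame_fixed, read_event_strict, is_trigger_fixed, EXPLOIT_4125))
```

The benign record only becomes a false positive when it is damaged in transit: with correct framing the same negative-check rule sees `"verdict": "clean"` and stays quiet, which is why a bug of this kind shows up only on messages that carry non-ASCII characters. The defensive pattern is the pair on the right: a parser that refuses to return a partial record, and a rule that requires every field it reasons about to be present and to match positively.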

Resolution

This issue is resolved in SEDR 4.7.