Original attachment in incident generated for MIP encrypted email with decryption enabled has special characters
search cancel

Original attachment in incident generated for MIP encrypted email with decryption enabled has special characters

book

Article ID: 413671

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Cloud Package Data Loss Prevention Cloud Storage Data Loss Prevention Core Package Data Loss Prevention Enforce Data Loss Prevention Enterprise Suite

Issue/Introduction

With DLP 16.1 a feature was introduced to make decrypted email file and its attachments available in the incident snapshot.

However, with setting decrypt.mip.message.and.attachments.feature.enabled = true in enforce.properties file, we can see special characters replace the original content and in some cases question marks are added to the original message.

Environment

16.1 +

Cause

NA

Resolution

Issue is being investigated by Broadcom engineering team.

As a workaround, since the downloaded eml has special characters, we can rely on 'Message Body' preview in the incident snapshot (just below the 'Open Original Message' link).

If 'Message Body' preview does not display complete email, you can use REST API request and execute it in a new tab of your web browser. For example:

For this incident ID 14711949 snapshot URL:
https://<enforce_IP/Hostname>/ProtectManager/enforce/ui/incident/snapshot/<incident_ID>

Open a new tab and navigate to the messageBody API URL for that same incident ID, like this:
https://<enforce_IP/Hostname>/ProtectManager/webservices/v2/incidents/<incident_ID>/messageBody

Replace <incident_ID> with actual incident ID

Note: This will open the email body with the correct content (but it's only text, you lose the formatting).

Powered by Wolken Software