ATP Platform shows multiple events for a single email with multiple malware detections

Article ID: 164187

Products

Endpoint Detection and Response

Issue/Introduction

ATP Platform shows multiple events for a single email with multiple malware detections.

Cause

Behavior by design.

To correlate email events with other events, ATP Platform translates Email Security.cloud data so that one event is generated for each piece of malware detected by the Anti-malware service of Email Security.cloud, even when several detections occur within a single email attachment. By contrast, the Email Track and Trace tool in the Email Security.cloud customer portal is geared toward showing that a malware detection occurred and whether the message was blocked because of a malware or spam detection, so it reports the message once rather than once per detection.
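To make the fan-out concrete, here is an added Python example (not Broadcom's code, and not the ATP Platform's actual translation logic) that expands a single email record with several malware detections into one event per detection, as the article describes, and then groups those events back by message identifier so an analyst can see them as one email again. The record layout and field names (message_id, attachments, detections, action) are assumptions for illustration; the sample message and threat names are constructed.

```python
"""Per-detection event fan-out and regrouping (illustrative example, not
Broadcom/ATP Platform code). Field names are hypothetical."""
from collections import defaultdict

# Constructed sample: one email, one attachment, two malware detections.
SAMPLE_MESSAGE = {
    "message_id": "<constructed-0001@example.com>",   # constructed value
    "sender": "sender@example.net",                    # constructed value
    "recipient": "user@example.com",                   # constructed value
    "action": "blocked",
    "attachments": [
        {
            "name": "invoice.zip",
            "detections": ["Example.Threat.A", "Example.Threat.B"],  # constructed
        },
    ],
}


def expand_to_events(message):
    """Return one event per detected piece of malware.

    This mirrors the behaviour the article describes: a single attachment
    carrying two detections yields two separate events that share the same
    message identifier, sender, recipient and action.
    """
    events = []
    for attachment in message.get("attachments", []):
        for threat in attachment.get("detections", []):
            events.append({
                "message_id": message["message_id"],
                "sender": message["sender"],
                "recipient": message["recipient"],
                "action": message["action"],
                "attachment": attachment["name"],
                "threat": threat,
            })
    return events


def group_by_message(events):
    """Collapse per-detection events back to one summary per email.

    Useful when an analyst wants a Track-and-Trace style view (was the
    message blocked?) instead of one row per detection.
    """
    grouped = {}
    for event in events:
        summary = grouped.setdefault(event["message_id"], {
            "action": event["action"],
            "attachments": set(),
            "threats": [],
            "event_count": 0,
        })
        summary["attachments"].add(event["attachment"])
        summary["threats"].append(event["threat"])
        summary["event_count"] += 1
    return grouped


if __name__ == "__main__":
    fanned_out = expand_to_events(SAMPLE_MESSAGE)
    print(f"{len(fanned_out)} events for 1 email")
    for summary in group_by_message(fanned_out).values():
        print(summary)
```

Running the block shows two events for the single sample email; grouping them restores one summary whose event_count is 2, which is the arithmetic behind the "multiple events" the article says is expected.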

Environment

ATP Platform

Email Security.cloud correlation enabled

Resolution

Use as is.