
Update to Rapid Detection & Response email messaging service

AnttiPi (Staff, Product Leadership)

The Rapid Detection & Response (RDR) email messaging service will be updated on March 16th, 2020.

After the email messaging service update, the content body will be base64 encoded instead of the existing plain text.

Base64 encoded message content can easily be decoded manually or by using a MIME library meant for mail handling. Usually all email clients convert base64 to text automatically.


Example email notification message after the update:


Content-Type: multipart/alternative; boundary="===============4857744939220648954=="
MIME-Version: 1.0
Subject: HIGH RISK ALERT: Suspicious activity detected (ID 68-59456)
From: F-Secure <no-reply@f-secure.com>
To: someaddress@gmail.com

--===============4857744939220648954==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64

Ri1TZWN1cmUgUmFwaWQgRGV0ZWN0aW9uICYgUmVzcG9uc2UgZGV0ZWN0ZWQgdGhlIGZvbGxvd2luZyBhY3Rpdml0eToKIApDYXRlZ29yeSAgICAgICAgICAgIFRhcmdldGVkIGF0dGFjawpSaXNrIGxldmVsICAgICAgICAgIEhpZ2ggcmlzayA3NQpDb25maWRlbmNlICAgICAgICAgIE1lZGl1bQpDcml0aWNhbGl0eSAgICAgICAgIEhpZ2gKQWZmZWN0ZWQgaG9zdHMgICAgICA0IGhvc3RzCkNvbXBhbnkgICAgICAgICAgICAgUmFuZG9tIFRlc3QgQ29tcGFueQogClRvIHZpZXcgdGhpcyBCcm9hZCBDb250ZXh0IERldGVjdGlvbiwgb3BlbiB0aGUgUkRSIHBvcnRhbDoKaHR0cHM6Ly9wb3J0YWwucmRzLXN0Zy5mc3h0Lm5ldC9hcHAvZWRyL2RldGVjdGlvbnM/aW5jaWRlbnRJZD02OC01OTQ1NiZzb3VyY2U9Y3VzdG9tZXItbmV3LWRldGVjdGlvbg==

--===============4857744939220648954==--


Email message example before the update:


Content-Type: multipart/alternative; boundary="===============4857744939220648954=="
MIME-Version: 1.0
Subject: HIGH RISK ALERT: Suspicious activity detected (ID 68-59456)
From: F-Secure <no-reply@f-secure.com>
To: someaddress@gmail.com

--===============4857744939220648954==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64

F-Secure Rapid Detection & Response detected the following activity:

Category            Targeted attack
Risk level          High risk 75
Confidence          Medium
Criticality         High
Affected hosts      4 hosts
Company             Random Test Company

To view this Broad Context Detection, open the RDR portal:
https://portal.rdr.f-secure.com/app/edr/detections?incidentId=68-59456&source=customer-new-detection

--===============4857744939220648954==--
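
For scripts that ingest these notifications into a ticketing or SIEM pipeline, decoding through a MIME library keeps the parser independent of the transfer encoding. The following is an added example, not part of the original post or F-Secure's code; `build_sample`, `parse_alert`, the `BOUNDARY` string, the `7bit` encoding used for the old format and all sample values are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_bytes, policy

# Constructed alert text; the values are made up for this example.
SAMPLE_TEXT = (
    "F-Secure Rapid Detection & Response detected the following activity:\n"
    " \n"
    "Category            Targeted attack\n"
    "Risk level          High risk 75\n"
    "Confidence          Medium\n"
    "Affected hosts      4 hosts\n"
)

def build_sample(transfer_encoding: str) -> bytes:
    """Build a constructed notification: 'base64' (new) or '7bit' (old, assumed)."""
    if transfer_encoding == "base64":
        body = base64.encodebytes(SAMPLE_TEXT.encode("utf-8")).decode("ascii")
    else:
        body = SAMPLE_TEXT
    return (
        'Content-Type: multipart/alternative; boundary="BOUNDARY"\n'
        "MIME-Version: 1.0\n"
        "Subject: HIGH RISK ALERT: Suspicious activity detected (ID 00-00000)\n"
        "\n"
        "--BOUNDARY\n"
        'Content-Type: text/plain; charset="utf-8"\n'
        f"Content-Transfer-Encoding: {transfer_encoding}\n"
        "\n"
        f"{body}\n"
        "--BOUNDARY--\n"
    ).encode("ascii")

def parse_alert(raw: bytes) -> dict:
    """Decode the text/plain part via the MIME library and extract alert fields."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is None:
        raise ValueError("no text/plain part in notification")
    text = part.get_content()  # undoes the transfer encoding and the charset
    fields = {}
    for line in text.splitlines():
        # Field rows are "name<2+ spaces>value"; other lines are skipped.
        cols = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(cols) == 2:
            fields[cols[0]] = cols[1]
    match = re.search(r"\(ID ([\w-]+)\)", msg["Subject"] or "")
    fields["incident_id"] = match.group(1) if match else None
    return fields
```

A rule that greps the raw message source for strings such as "Targeted attack" stops matching once the body is base64 encoded, while `parse_alert` returns the same fields for both forms.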

This discussion has been closed.
