Update to Rapid Detection & Response email messaging service
Rapid Detection & Response (RDR) email messaging service will be updated March 16th 2020.
After the email messaging service update content body will be base64 encoded compared to existing plain text.
Base64 encoded message content can easily be decoded manually or using MIME library meant for mail handling. Usually all email clients convert base64 to text automatically.
Example email notification message after the update:
Content-Type: multipart/alternative; boundary="===============4857744939220648954=="
MIME-Version: 1.0
Subject: HIGH RISK ALERT: Suspicious activity detected (ID 68-59456)
From: F-Secure <no-reply@f-secure.com>
--===============4857744939220648954==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Ri1TZWN1cmUgUmFwaWQgRGV0ZWN0aW9uICYgUmVzcG9uc2UgZGV0ZWN0ZWQgdGhlIGZvbGxvd2luZyBhY3Rpdml0eToKIApDYXRlZ29yeSAgICAgICAgICAgIFRhcmdldGVkIGF0dGFjawpSaXNrIGxldmVsICAgICAgICAgIEhpZ2ggcmlzayA3NQpDb25maWRlbmNlICAgICAgICAgIE1lZGl1bQpDcml0aWNhbGl0eSAgICAgICAgIEhpZ2gKQWZmZWN0ZWQgaG9zdHMgICAgICA0IGhvc3RzCkNvbXBhbnkgICAgICAgICAgICAgUmFuZG9tIFRlc3QgQ29tcGFueQogClRvIHZpZXcgdGhpcyBCcm9hZCBDb250ZXh0IERldGVjdGlvbiwgb3BlbiB0aGUgUkRSIHBvcnRhbDoKaHR0cHM6Ly9wb3J0YWwucmRzLXN0Zy5mc3h0Lm5ldC9hcHAvZWRyL2RldGVjdGlvbnM/aW5jaWRlbnRJZD02OC01OTQ1NiZzb3VyY2U9Y3VzdG9tZXItbmV3LWRldGVjdGlvbg==
--===============4857744939220648954==--
Email message example before the update:
Content-Type: multipart/alternative; boundary="===============4857744939220648954=="
MIME-Version: 1.0
Subject: HIGH RISK ALERT: Suspicious activity detected (ID 68-59456)
From: F-Secure <no-reply@f-secure.com>
--===============4857744939220648954==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
F-Secure Rapid Detection & Response detected the following activity:
Category Targeted attack
Risk level High risk 75
Confidence Medium
Criticality High
Affected hosts 4 hosts
Company Random Test Company
To view this Broad Context Detection, open the RDR portal:
https://portal.rdr.f-secure.com/app/edr/detections?incidentId=68-59456&source=customer-new-detection
--===============4857744939220648954==--
Categories
- All Categories
- 4.7K WithSecure Community
- 3.6K Products
- 1 Get Support