To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Migration of Infection emails to Security Events notification emails on 4th of October 2022

Options
PetriKuikka
PetriKuikka W/ Alumni Posts: 237 Threat Terminator

Hi,

as warned already inside the portal, we will be removing the Infections tab on 4th of October. At the same time we will be migrating all Infection email users to Security Events email notifications. This migration will happen before the Infections tab is removed.

Migration process will be following

  1. We collect all old account configurations for Infection emails
  2. We add to Security events email notifications same emails and language, if there is no configuration for that account already.
    1. So if you have already taken into use the Security events email notifications, we will not touch your existing configuration. Only the accounts that have nothing configured on the new side will be migrated.
  3. New side starts processing the emails. First email from new side will include 24h of infections, so you will receive some duplicates in this email.
  4. We will stop processing of old infection emails and remove the infections tab. As the step 3 & 4 are not synchronous, you might also get some duplicate emails from both sides for short time.

If you happen to have automatic processing of these emails in place, there is a small risk that this integration will break in this migration due to email format changes. We have done all possible to guarantee that actual email content is exactly same, except for some languages like German the date format used to use 2 character day notation and now it uses 2 chars + dot. Also the email headers are bit different due to totally different emailing systems. Old implementation was using technologies from 2005 so making it exactly same just wasn't possible,

Also after this migration, you might receive lot more infection alerts in emails as the new Security events support more infection types and especially support Mac and Linux infections alerts lot better. Data in emails should match totally the infections in Security events. Easiest way to get to correct filters is to open Security Events (...) -> Infections Alerting Configuration

and from there this info popup:

And as explained in the info popup, these emails will only include the Infection type Security events. It is also missing the possibility to filter infections based on types like the old side had it. If you would like to see more features like filtering out something on this new Security events email notifications, please add idea to our idea portal.

Br, EPP team

Answers

  • PetriKuikka
    PetriKuikka W/ Alumni Posts: 237 Threat Terminator
    Options

    Hi,

    this migration has been executed successfully today for all 5 production portals. All portals are now without the old Infections tab and Security Events is also without the PILOT text.

    Br, EPP team.

This discussion has been closed.

Categories