000038526 - RSA Archer Mail Monitor data feed is not processing the body of emails

Document created by RSA Customer Support Employee on Mar 13, 2020
Version 1

Article Content

Article Number: 000038526
Applies To: RSA Product Set: RSA Archer
RSA Product/Service Type: RSA Archer (On-Premise)
RSA Version/Condition: 6.x
Issue
  • The Data Feed successfully finds and processes the email message.
  • The body_text source definition field is mapped on the "Data Map" tab.
  • All the components of the email are transferred to the Archer records but the body_text data is not transferred into the field that it's been mapped into.
  • In some situations, mapping body_text is required. For example, emails about IT Risk / Cyber Incidents / Phishing / Spam / Malicious emails, and so forth, are forwarded to the mailbox as context for incident investigation and resolution. For these situations, there is a need to transfer plaintext instead of HTML to Archer records.

Cause
  • The body_text component of the email message is processed from the plaintext component of the email received.  Some emails are entirely HTML and do not have a plaintext component. For these emails, body_plain will be empty.
  • The emails processed by the Mail Monitor data feed must have a plaintext component for body_text to have a value and transfer over into the Archer record.
Resolution
Configure all email clients that send mail to the mailbox monitored by the Archer Mail Monitor Feed to force outgoing emails into plaintext.

Outlook 365:
  1. File -> Options -> Mail -> Message Format (at bottom) -> Convert to Plaintext
  2. File -> Options -> Mail -> Compose (at top) -> Plaintext
  3. File -> Options -> Trust Center -> Trust Center Settings -> Email Security -> Read all standard mail in plaintext (check) -> Read all digitally signed mail in plaintext (check)
  4. Restart Outlook.

Thunderbird:

  • Options -> Delivery format -> Plaintext only.

Outlook For Web:

  • Change formatting from "HTML" to "Plaintext" for each email sent/forwarded and/or change the default in the options (if sufficient permissions available).
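
To confirm that a client change took effect, or to triage messages that arrived with an empty body, the condition described under Cause can be checked directly on a saved message. The following is an added example, not RSA code: it assumes the message is available as raw .eml bytes, the function names are hypothetical, and the sample messages are constructed.

```python
# Added diagnostic example, not RSA code. Function names are hypothetical.
from email import message_from_bytes, policy
from email.message import EmailMessage


def plaintext_body(raw: bytes):
    """Return the decoded text/plain body of a raw RFC 5322 message, or None."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        if part.get_content_disposition() == "attachment":
            continue  # a .txt attachment is not the message body
        text = part.get_content()
        if text.strip():
            return text
    return None


def classify(raw: bytes) -> str:
    """Label a message by whether a plaintext-only body mapping has data to read."""
    msg = message_from_bytes(raw, policy=policy.default)
    has_html = any(p.get_content_type() == "text/html" for p in msg.walk())
    if plaintext_body(raw) is not None:
        return "plaintext-present"
    return "html-only" if has_html else "no-text-body"


def _sample(html_only: bool) -> bytes:
    """Build a constructed test message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "analyst@example.com"
    m["To"] = "archer-intake@example.com"
    m["Subject"] = "FW: suspicious message"
    if html_only:
        m.set_content("<p>Reported phish</p>", subtype="html")
    else:
        m.set_content("Reported phish\n")
        m.add_alternative("<p>Reported phish</p>", subtype="html")
    return m.as_bytes()


if __name__ == "__main__":
    for label, raw in (("html only", _sample(True)), ("multipart", _sample(False))):
        print(label, "->", classify(raw))
```

A result of "html-only" matches the case in which body_text arrives empty; the sending client for that message still needs the plaintext setting.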
