
EDR: Email is sending the incorrect URL with 7.7.1+

Environment

  • EDR Server: 7.7.1 and above
  • Email

Symptoms

The server URL sent in the alert emails is incorrect.

Cause

In 7.7.1 and above, code was added to check the available network interface cards and use the correct one to pull the IP and get the hostname. The hostname comes back wrong when:

  • The DNS server is returning the incorrect FQDN.
  • The first <ip> <servername> entry in /etc/hosts is incorrect.

Resolution

  1. Confirm that the DNS servers listed in /etc/resolv.conf return the correct FQDN for the server's IP.
  2. If DNS returns an internal FQDN that is not accessible from outside, or you otherwise need to work around what is being returned, update the /etc/hosts entry (127.0.0.1 will not work):
    myip my_fqdn_servername
    For example (note the use of the actual IP, not just the loopback address in the first line):
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 myservername
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    
    192.168.222.128 myservername
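
One way to carry out the /etc/hosts check from step 2 before editing the file, as an added example that is not part of the original article: it reports which name a hosts file maps to the server's real IP first. The function names and the sample file are constructed for illustration; `resolver_name` assumes `getent` is available and needs a live resolver.

```sh
#!/bin/sh
# Added example: which name does this host map to its real IP first?

# Constructed sample, modelled on the article's /etc/hosts example.
sample_hosts() {
    cat <<'EOF'
127.0.0.1   localhost localhost.localdomain myservername
::1         localhost localhost.localdomain localhost6
# the real interface address must carry the server name
192.168.222.128 myservername
EOF
}

# first_hosts_name IP [FILE]: print the name from the first
# non-comment "<ip> <servername>" line whose address equals IP.
first_hosts_name() {
    awk -v ip="$1" '
        { sub(/#.*/, "") }                    # strip comments
        NF >= 2 && $1 == ip { print $2; exit }
    ' "${2:-/etc/hosts}"
}

# resolver_name IP: name the system resolver (hosts file and DNS, in
# nsswitch.conf order) returns for IP. Needs a live resolver.
resolver_name() {
    getent hosts "$1" | awk '{ print $2; exit }'
}

# check_hosts_entry IP EXPECTED [FILE]
# returns 0 = matches, 1 = wrong name listed first, 2 = no entry for IP
check_hosts_entry() {
    got=$(first_hosts_name "$1" "${3:-/etc/hosts}")
    if [ -z "$got" ]; then
        echo "no hosts entry for $1; check what DNS returns (step 1)"
        return 2
    elif [ "$got" != "$2" ]; then
        echo "first hosts entry for $1 is '$got', expected '$2'"
        return 1
    fi
    echo "ok: $1 -> $got"
}

# Demo against the constructed sample (not the live /etc/hosts).
demo=$(mktemp)
sample_hosts > "$demo"
check_hosts_entry 192.168.222.128 myservername "$demo"
rm -f "$demo"
```

On the EDR server, call `check_hosts_entry` with the server's real IP and the FQDN that should appear in alert emails, and compare the result with `resolver_name` for the same IP.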

Additional Notes

  • HEDR customers have been corrected as of 9/28/22

Article Information
Creation Date: 09-22-2022