Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
therrybef
Explorer

Threat Emulation (MTA+BCC) - multiple logs generated with the same event

Hi All,

 

Currently I have TE (R80.20 version) and the management server (R80.30 version). The TE runs MTA with BCC mode. From the management server, I can see the email traffic has copied already to my gateway, but there a lot of logs are generated with the same event. After my short investigation, multiple logs represent the number of recipient. Does Threat Emulation will emulate every single recipient and made it as multiple sessions? or something unusual happens here? Please find below the capture. Thanks for your all kindness.

 

MTA+BCC.PNG

 

 
 
0 Kudos
4 Replies
PhoneBoy
Admin
Admin

Generally, a given file should only be emulated once, even if it is sent to multiple recipients at different times.
Recent emulations are cached.
Possible a log entry is generated per recipient.
0 Kudos
therrybef
Explorer

Thanks for your prompt reply. Is it a normal behaviour? From my Check Point DemoPoint lab (using MTA only), I can see there is only one log generated for each event (even though multiple recepients there).
0 Kudos
therrybef
Explorer

Does anyone has same issue?

0 Kudos
PhoneBoy
Admin
Admin

If you're seeing this in one environment but not another, it might be worth a TAC case.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events