Continuous Detection and Response Events
A continuous detection and response (CDR) event represents a detection of a threat within the CDR ecosystem. Threats can be identified through many vectors, including:
- BEC indicators from Fortra Email Threat Operations
- Community-sourced intelligence from user phish reports vetted by PhishLabs and Fortra
- Fortra Threat Operations research
A CDR event is a set of conditions used to examine both messages that already exist in your environment and new incoming messages.
A CDR event can have a message count of zero, because the message count represents the number of messages found in your organization that match the CDR event. A count of zero is good for you, of course, because it means a known threat is not attacking your organization, but the information that CDR provides about known threats still helps you:
- Be aware of the current threat landscape
- Get information that can help you keep your security infrastructure up to date and prepared to counter current and future threats
CDR events are checked continuously, and all new inbound messages are checked against existing unexpired CDR events. A CDR event expires automatically 60 days after the last message matched it in any organization protected by Fortra Cloud Email Protection. Expired CDR events are removed from Cloud Email Protection and are no longer visible on the Continuous Detection and Response page (Manage > Continuous Detection).