
AsyncOS 13.0

ccna_security
Level 3

Hello. I upgraded ESA to 13.0, but when I read the documentation at the link below, almost all of the configuration belongs to SMA. I don't use SMA; I have only a single virtual ESA. I configure it locally. What kind of configurations do I have to look at inside this document? I found only Mailbox Remediation with regard to ESA.

 

https://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa13-0/ESA_13-0_Release_Notes.pdf

7 Replies

balaji.bandi
Hall of Fame

I believe for ESA the version below is still the recommended and stable one - until you experience any issues with the current version.

 

ESA: 12.5.0-066

 

BB


marc.luescherFRE
Spotlight

The new topics in our order of importance for the ESA:

 

a) CLF Common Log File Format instead of mail log

b) Safe Print

c) SAML support

d) Next Generation UI

So what about mailbox remediation? 

MAR - Message AutoRemediation was introduced with AMP in Version 11 ?,

 

So even though MAR now supports multi-tenant O365 and local Exchange, I no longer consider it a new feature.

There have been many fixes behind the scenes in that release, which are also important for the product.

 

-Marc

As you said, the important points in ESA that I have to look at are shown below. Right?

 

a) CLF Common Log File Format instead of mail log (I couldn't find: System Administration - Log Subscriptions - ?)

b) Safe Print

c) SAML support

d) Next Generation UI

e) Mailbox remediation (we use on-premises)

 

What about Report enhancement etc.? Do all these features belong to SMA? Do I have to take them into consideration? As I said, we only use a single virtual ESA and do not have SMA.

Let me put a different spin on it. Since you appear to have no SMA and reporting is important to you, what about the idea of exporting the log files to a SIEM like XPOLOG, Elasticsearch or Splunk instead?

 

That way you could query any data of your ESA.

 

To create the new CLF for mail proceed as follows:

a) System Administration / Log Subscriptions

b) Add a log subscription, as it is not enabled by default

c) Select type "Consolidated Event Logs" and fill out the remaining details of that form like names, path etc.

d) Submit and Commit.

 

If I were a smaller company, my priority would be:

 

Mail Box AutoRemediation, as it gives you immediate help when a verdict of a message changes.

Common Log File, as it gives you a better, faster understanding of what is happening for troubleshooting and reporting.

Safe Print, to see if that feature can mitigate some risk for you from file attachments/macros.

SAML, should you have a policy that access needs to be validated via a central system and MFA.

 

The new GUI is only partial for now, so while it is interesting to get an understanding of it, it has limited use for now as the configuration part is still using the old UI.

 

I hope that helps

 

-Marc

Let me put a different spin on it. Since you appear to have no SMA and reporting is important to you, what about the idea of exporting the log files to a SIEM like XPOLOG, Elasticsearch or Splunk instead?

 

Thank you, your explanation is really helpful. But one more question: I can see the dashboard on ESA and it gives me lots of reports, from URL filtering to DMARC etc. So why do I need SIEM integration for it? Whenever I need a report I log in to the ESA locally and see the dashboard. What do you think?