Getting Started with Cisco Secure Email Threat Defense Join us as our experts walk you through some of the fundamentals, key concepts, and outcomes of the Cisco Secure Email Threat Defense product. We will help you gain the insight needed to create a...
Forum Posts
Resolved! Cisco ESA Suspected URL
Dear all. I configured url filtering and added -5 -3 (Custom Range) for Suspected url. But some emails (with legitimate urls inside it) get blocked by esa due to newly created suspected url content filter. Could you please tell me how can I see the e...
Resolved! Cisco SMA Configure Cipher Suite
Hi, I tried to update SMA cipher using cli (sslconfig) but not able to do it because SMA does not behave the same as ESA. I found from other discussion that for SMA, I need to change the configuration on the config file and then upload the config fil...
Dear all. yesterday a company send our user an email with docx file attached. Email content reached to users but file not. I didn't understand what caused that file to be disappeared. NOte. I looked at monitoring logs and found out that Attachment is...
Seeing an odd issue with a particular mail provider... they currently have a broken SPF record (syntax error due to an errant space character). In the mail logs i'm seeing evidence of the SPF check being done, but then it goes straight on to perform...
I am trying to enable the DLP rule for Washington state privacy regulations. I tried using the preconfigured template, but I get a lot of false-positives. Does anyone have experience setting these up or customizing the template? This is new for me. W...
The Ironport text logs on the Cisco Email Security Appliance have timestamps that go down to the second, but not the millisecond - like this: Tue Aug 20 16:57:21 2019 This can make things very confusing when you send the logs to a SIEM: each event ca...
After following this document, I do not understand how to accomplish step 5 without over writing the cluster config. https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/213585-esa-ces-procedure-to-register-clustere.html Step 5 - Switch ...
I am trying to get AMP for ESA set up on our IronPort C170 appliance running ASyncOS 11.0.3. I believe I have my settings correct, however, files that have a verdict of unknown are not being uploaded for analysis. Perhaps I'm missing something? I hav...
Resolved! Pls help me to understand
For Version 12.5 on SSL Cert-Config is written:"TLSv1.0 and TLSv1.1 cannot be enabled simultaneously, but both can be enabled for use with TLSv1.2." What does it mean?TLSv1.2 + v1.1 + v1.0 enabled is NOT ok?butTLSv1.2 + v1.1 OR TLSv1.2 + v1.0 is ok? ...
Hi, we want to attach a header to our mails with the attached mime-types. In the Content-Filter/Action Variables documentation section we found a list of possible variables. The "filetypes" variable sounded very promising: File Types$filetypesReplace...
Hi, I found recommended SSL Cipher from link "https://community.cisco.com/t5/email-security/scan-revealed-weak-ssl-cipher/td-p/2805757" but the discussion is from 2016. Can I know what is the latest SSL Cipher recommended by Cisco for CIsco SMA and E...
I was investigating an email slowdown this morning and when I brought up one of our Cloud CES ESA's in a browser it showed that the listener was suspended. I went to the CLI-Log and I can see this: Mon Aug 19 08:14:58 2019 Info: PID 84174: User cics...
Dear all. yesterday I configured External Threat Feed in cisco esa. In order test it I send malicious url from my personal email to corporate email. that email directly send to Outbreak quarantine and approximately 1 hour later that email released fr...
I have problem with my Cisco ESA C170 it's connection refused through HTTP and SSH, I try access via console cable, yes can but there are a few log show after that C170 is reject to Login again. Any Idea to solve this issue.Thank you for you advice. ...
Is there any way to use ESA to identify Auto Forward and BCC Emails?
