CES integration query

Vishal6
Level 1

Hello All,

Need help on below points

Integration of CES CLI and GUI Login with SAML SSO using Microsoft Azure AD

  • I'm in the process of integrating CES CLI and GUI login (cluster of 8 instances) with SAML SSO using Microsoft Azure AD. I'm referring to the documentation provided below. Please confirm if there are any risks involved. Specifically, while configuring SAML SSO, would I lose access to the administrator users created locally on the instances?

https://docs.ces.cisco.com/docs/saml-authentication

Submitting False Positive or False Negative Sample Mails

  • Is there a mechanism available where we can submit sample emails identified as false positives or false negatives for analysis? We would like to know the reason why these emails were misclassified.

9 Replies

ccieexpert
Spotlight

No risk as the local admin will also work at the same time... 

For evaluation of false positives you generally have to open a TAC case.

Please mark helpful if this was helpful.

You can send mail to SPAM@access.ironport.com, phish@access.ironport.com, ham@access.ironport.com, ads@access.ironport.com

Or you can deploy the Outlook plugin: https://software.cisco.com/download/home/284900944/type/283090986/release/7.6.2-037

You can see what happens to those from here: https://talosintelligence.com/email_status_portal

(Go to talosintelligence.com, log in, click on Email Submissions in the upper right.)

From there, under Manage Account on the left, you can claim your domains, etc.

Hi Ken,

Do I need to create an account on talosintelligence.com before forwarding mails to SPAM@access.ironport.com, phish@access.ironport.com, ham@access.ironport.com, ads@access.ironport.com?

I have checked some documentation; it says the plug-in End of Life was December 31, 2023, and in place of that an email submission add-in has been introduced. Does installing the Email Submission add-in auto-install the Encryption Add-In? If yes, how can I unselect the Encryption Add-In part? Please refer to the screenshot below.

[Screenshot: Vishal6_1-1721298866860.png]

At last, forwarding mails to the specified IronPort mail address will make an auto entry to https://talosintelligence.com/email_status_portal

talosintelligence.com uses your Cisco.com account.

I haven't worked with the newer submission plug-in...

Yes. That's how the plugin works under the covers.

Assuming they didn't change how this works in the cloud from the way on-prem ESAs work, the local accounts still work fine after you enable SSO.

Yes, it works the same on CES - actually I have implemented it a few times.

Hello

I'm planning to follow the approach below for SSO login.

Can I enable SSO for only one gateway at first? Post successful SSO, I will enable it for all gateways by making the necessary changes to the reply assertion URL at both the gateway and Microsoft Azure.

Will configuring SSO impact the CLI also, or only GUI login?

Yes, you have to define each appliance on Azure, and you can do one at a time.

Only the GUI is doing SSO, not the CLI.

**Please mark as helpful if this was useful**

ajitk
Level 1

Hi Vishal,

To analyze false positive or false negative emails in Cisco Email Security, follow these steps:

  1. Identify the Email:
    • Navigate to the Cisco Secure Email Submission Add-in to report any email that is classified incorrectly, such as false-negative (missed spam) or false-positive (legitimate email misclassified as spam) messages.
  2. Quarantine or Review Messages:
    • Use the Cisco IronPort Email Appliance (ESA) to store messages and examine them for false positive anti-spam verdicts.
    • Choose to send positively-identified spam, suspect spam, or marketing email to an alternate host or to the IronPort Spam Quarantine (ISQ) for review.
  3. Submit to Cisco TAC:
    • Contact the Cisco Technical Assistance Center (TAC) to report false positives.
    • Provide the collected information to the Diagnostic Team for further analysis and to resolve the issue.
  4. Monitor and Adjust Policies:
    • Regularly track the volume of spam and legitimate emails to identify trends and adjust policies accordingly.
    • Use the Incoming Mail Overview page to monitor spam detection and reputation filtering.