- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2024 05:17 AM
Hello All,
Need help on below points
Integration of CES CLI and GUI Login with SAML SSO using Microsoft Azure AD
- I'm in the process of integrating CES CLI and GUI login (cluster of 8 instances) with SAML SSO using Microsoft Azure AD. I'm referring to the documentation provided below. Please confirm if there are any risks involved? Specifically, while configuring SAML SSO would i lose access of administrator users created locally on the instances?
https://docs.ces.cisco.com/docs/saml-authentication
Submitting False Positive or False Negative Sample Mails
- Is there a mechanism available where we can submit sample emails identified as false positives or false negatives for analysis? We would like to know reason on why these emails were misclassified.
Solved! Go to Solution.
- Labels:
-
Email Security
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2024 02:02 PM
yes you have to define each appliance on Azure.. and you can do one at a time..
only gui is doing SSO, not the CLI...
**Please mark as helpful if this was useful**
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2024 01:26 PM
No risk as the local admin will also work at the same time...
for evaluation of false positive you have to generally open a TAC case.
Please mark helpful if this was helpful.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2024 02:33 PM
you can send mail to SPAM@access.ironport.com, phish@access.ironport.com, ham@access.ironport.com, ads@access.ironport.com
Or you can can deploy the Outlook plugin. https://software.cisco.com/download/home/284900944/type/283090986/release/7.6.2-037
you can see what happens to those from here: https://talosintelligence.com/email_status_portal
(go to talosintelligence.com, login, click on Email Submissions in the upper right.)
From there, under Manage Account on the left you can claim you domains, etc...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2024 03:35 AM
Hi Ken,
Do i need to create an account on talosintelligence.com before forwarding mails to SPAM@access.ironport.com, phish@access.ironport.com, ham@access.ironport.com, ads@access.ironport.com.
I have checked some document it says plug-in End Of Life was December 31, 2023 and in place of that email submission add-in have been introduced. Does installing Email submission add-in autoinstalls Encryption Add-In, if yes how can i unselect Encryption Add-In part. Please refer below screenshot.
Atlast forwarding mails to specified ironport mail address will make an auto entry to https://talosintelligence.com/email_status_portal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2024 04:21 AM
I haven't worked with the newer submission plug-in...
Yes. That's how the plugin works under the covers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2024 05:46 PM
Assuming they didn't change how this works in the cloud from the way on-prem ESAs work, the local accounts still work fine.after you enable SSO
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2024 11:22 PM
Yes it works the same on CES - actually i have implemented a few times.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2024 01:44 AM
Hello
I'm planning to follow below approach for sso login.
can i enable sso for only one gateway at first post successful sso, will enable for all gateway by making neccessary changes at reply assertion url at gateway and microsoft azure both.
does configuring sso will impact cli also or only gui login.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-09-2024 02:02 PM
yes you have to define each appliance on Azure.. and you can do one at a time..
only gui is doing SSO, not the CLI...
**Please mark as helpful if this was useful**
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-17-2024 10:27 PM
Hi Vishal,
To analyze false positive or false negative emails in Cisco Email Security, follow these steps:
- Identify the Email:
- Navigate to the Cisco Secure Email Submission Add-in to report any email that is classified incorrectly, such as false-negative (missed spam) or false-positive (legitimate email misclassified as spam) messages.
- Quarantine or Review Messages:
- Use the Cisco IronPort Email Appliance (ESA) to store messages and examine them for false positive anti-spam verdicts.
- Choose to send positively-identified spam, suspect spam, or marketing email to an alternate host or to the IronPort Spam Quarantine (ISQ) for review.
- Submit to Cisco TAC:
- Contact the Cisco Technical Assistance Center (TAC) to report false positives.
- Provide the collected information to the Diagnostic Team for further analysis and to resolve the issue.
- Monitor and Adjust Policies:
- Regularly track the volume of spam and legitimate emails to identify trends and adjust policies accordingly.
- Use the Incoming Mail Overview page to monitor spam detection and reputation filtering.
