Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2029
Views
15
Helpful
6
Replies

Cisco ESA Suspected URL

Go to solution
ccna_security
Level 3
Level 3

‎08-22-2019 10:45 PM

Dear all. 

I configured url filtering and added -5 -3 (Custom Range) for Suspected url. But some emails (with legitimate urls inside it) get blocked by esa due to newly created suspected url content filter. Could you please tell me how can I see the exact score that URL filter observe and thinks that this is suspected url.

 

And do you think that best approach is to decrease Custom Range for example -5 -1 ?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ppreenja
Cisco Employee
Cisco Employee
In response to ccna_security

‎08-23-2019 12:12 AM

Hello CCns90,

Log entry is the custom entry which you can modify as per your requirement i.e. you can consider it as a kind of text that you would like to see in the message tracking if a given content filter is being hit.

URL Logging will show you the score of the URL (which was sent in the email) in the message tracking.

I hope the above explains.

Cheers,
Pratham

View solution in original post

6 Replies 6

Go to solution
ppreenja
Cisco Employee
Cisco Employee

‎08-22-2019 10:55 PM

Hello CCns90,

You can configure logging of the URL in the mail logs/message tracking by enabling the same in outbreakconfig via CLI.
Please find below the steps for the same:

myESA> outbreakconfig

Outbreak Filters: Enabled

Choose the operation you want to perform:
- SETUP - Change Outbreak Filters settings.
[]> SETUP

Outbreak Filters: Enabled
Would you like to use Outbreak Filters? [Y]>

Outbreak Filters enabled.
.
.
.
.
Logging of URLs is currently disabled.

Do you wish to enable logging of URL's? [N]> Y

Enable the logging as seen above.

I hope this helps!

Cheers,
Pratham

Go to solution
ccna_security
Level 3
Level 3
In response to ppreenja

‎08-22-2019 11:02 PM

Thank you. Is it possible to create URL logging by configuring Content Filter? Add Log Entry for example? If I configured it, will it show me exact information about the reason why esa blocks legitimate URL?
0 Helpful

Go to solution
ppreenja
Cisco Employee
Cisco Employee
In response to ccna_security

‎08-22-2019 11:19 PM - edited ‎08-22-2019 11:20 PM

Hello CCns90,

In the content filter, you have the option of selecting the URL reputation range condition and take the action on the same accordingly.

You can have a custom log entry created in the action so that you can come to know the given content filter was hit and since the URL reputation was falling in the same range and hence it was acted upon by the filter.
Hence, you can put a custom entry to know the reason.

With the URL logging enabled, you will be able to see the URL reputation score in the message tracking as well which should be falling in the given customer range in the condition of the content filter.

Please find attached the sample example screenshot for the same.

Cheers,
Pratham

Preview file
139 KB

Go to solution
ccna_security
Level 3
Level 3
In response to ppreenja

‎08-23-2019 12:03 AM

Hi Pratham

 

as I understand you recommend to create Custom entry log in content filter and enabling URL logging via CLI. Right?

 

One last think please explain what is the difference between Log Entry and URL logging?

0 Helpful

Go to solution
ppreenja
Cisco Employee
Cisco Employee
In response to ccna_security

‎08-23-2019 12:12 AM

Hello CCns90,

Log entry is the custom entry which you can modify as per your requirement i.e. you can consider it as a kind of text that you would like to see in the message tracking if a given content filter is being hit.

URL Logging will show you the score of the URL (which was sent in the email) in the message tracking.

I hope the above explains.

Cheers,
Pratham

Go to solution
ccna_security
Level 3
Level 3
In response to ppreenja

‎08-23-2019 12:18 AM

That is all . I got what I need. thank you so much

0 Helpful
Customers Also Viewed These Support Documents