Cisco ESA

ccna_security
Level 3

Dear all, yesterday I configured External Threat Feed on the Cisco ESA. In order to test it, I sent a malicious URL from my personal email to my corporate email. That email was sent directly to the Outbreak quarantine, and approximately 1 hour later it was released from quarantine and forwarded to the corporate email along with a SUSPICIOUS warning message. Now I have 2 questions:

1. Why was the malicious link forwarded to the corporate email instead of being blocked?

2. How can I test whether the External Threat Feed functionality works or not?

I would be thankful if you could help me solve these questions.

7 Replies

External feeds just give the ESA info to work with, you still have to configure a Content Filter or Message Filter to actually do something with it.



It was sent to Outbreak because the Outbreak filters caught it, and it was delivered because your Outbreak Filter isn't set to delete, it's set to release when the timeout expires.






Thanks for your reply. Could you please tell me how I can test External Threat Feed? Actually, I configured an external threat feed and a content filter that will be triggered when someone sends me an email that has malicious content in it. But only the Outbreak filter catches it, not ETF. So how can I test ETF? How can I prove that ETF works as expected?

Look at the admin guide, page 9 onwards, to configure External Threat Feeds.

 

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_0110001.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I configured ETF from the same documentation you sent, but I am not able to test whether it works.

Look at the logs to make sure they're successful.



There's a huge section in the on-box help on how to set up content filters for external feeds.




https://www.youtube.com/watch?v=kFn6r3SP6qA

 

Please look at this link, which helped me to configure ETF. But it did not show the testing part.
