"Could I code any complex regex conditions in a content filter beyond what the rules editor allows me to do?"
No, you can't. Whether in the GUI or the CLI, the content filters do not allow for complex regex. However, the CLI's message filters allow for 'else' and 'if not' statements. Unlike content filters, message filters are not directional (inbound vs. outbound emails), so you have to define a direction for them. If you do not, the appliance will start to look at traffic coming from the internet and leaving for the internet. This will increase load on the unit, as it has to look at all traffic.
The best way to accomplish this task would be via an LDAP membership profile, a special outbound mail policy, and your default catch-all outbound mail policy. A user can only match one mail policy, even if they exist in more than one.
Steps I would take to accomplish this task:
Most likely you already have an LDAP system. This repository has all your users, and they are most likely already in buckets/groups.
EncryptEmail -- new group
1. you will need an LDAP profile on your appliance (system administration-- LDAP ) ## will control group membership queries, mail from, authentication .. among many other
2. create a group in your LDAP system called -- "EncryptEmail" ## -- name is yours to define, add all your users allowed to encrypt to the group.
2A-- create an LDAP group profile 'ldap_server'
2B --Create an LDAP group query 'ldap_server.group'
3. create an outbound Encrypt filter that looks for the encrypt flag set to \[SEND SECURE\] ##-- single escapes-- content filter will handle the second escape, or whatever flag you are actually looking for.
4. create an outgoing mail policy that will be for your 'ldap_server_profile.group-query.EncryptEmail' ### as people get added or removed, your LDAP system membership will be altered; you don't have to touch the mail policy again
(mail policies-- outgoing mail policies ADD LDAP Group Query -- select your group query, and add the name of your group, example is using "EncryptEmail"), when you click add it will look something like this
5. now activate your -outbound Encrypt filter- only on your outbound mail policy that has the LDAP group on it.
Encryption will only be done for the people that match on your LDAP outbound mail policy, and have their subject flag on. Other traffic from these users will also match, but will not be encrypted. Since content filters can be activated on different mail policies, you can also activate any other policy type content filter you have for all your users on this outbound policy too. By default it will inherit AS and AV scanning, so you should not have to add them. If you have done something that stops this, then please enable AS and AV on the new mail policy too.
Now to deal with the users that are not in your encrypt LDAP group, and flagged/subjected their email for encryption
6. on your default outbound mail policy, create a new outbound mail content filter that has one condition
6A Condition: "looks for your encrypt flag/subject"
6B First Action: if the flag/subject is found: Notify action -- notify the sender and the administrator--
6C Second Action: if the flag/subject is found: Bounce action -- this is final, and the email will be returned.
7. activate your new content filter on the default 'catch all' outbound mail policy.
Submit and commit all your work along the way.
You are done. I strongly advise you to test the steps with a couple of testing mail policies that only have IT guys in them. Once working, you can push the work to prod.
If you still want to do this via a message filter,
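The policy layout from steps 1 to 7 above, modelled as an added example that is not part of the original post or the vendor's own code: it shows which actions each sender/subject combination ends up with, and why the brackets in the flag have to be escaped. The addresses, group contents and function names are constructed for illustration.

```python
import re

# Flag from step 3, with the brackets escaped so they match literally.
FLAG = re.compile(r"\[SEND SECURE\]")
# The same text without escapes is a character class: it matches any ONE
# of the characters S, E, N, D, space, C, U, R anywhere in the subject.
UNESCAPED = re.compile(r"[SEND SECURE]")

# Constructed stand-in for the LDAP group query result (hypothetical users).
ENCRYPT_GROUP = {"alice@example.com", "bob@example.com"}

# Outgoing mail policies in evaluation order; a sender matches exactly one.
POLICIES = [
    ("EncryptEmail", lambda sender: sender in ENCRYPT_GROUP),  # step 4
    ("Default", lambda sender: True),                          # catch-all
]

def match_policy(sender):
    """Return the name of the first policy whose condition the sender meets."""
    for name, condition in POLICIES:
        if condition(sender):
            return name

def outbound_actions(sender, subject):
    """Return the actions the layout in steps 1-7 applies to one message."""
    flagged = FLAG.search(subject) is not None
    if match_policy(sender) == "EncryptEmail":
        # Step 5: the encrypt filter is active only on the LDAP group policy.
        return ["encrypt", "deliver"] if flagged else ["deliver"]
    # Steps 6-7: flagged mail from non-members is reported, then bounced.
    return ["notify sender and admin", "bounce"] if flagged else ["deliver"]

def unescaped_false_positive(subject):
    """True when only the unescaped pattern fires on this subject."""
    return UNESCAPED.search(subject) is not None and FLAG.search(subject) is None

if __name__ == "__main__":
    # Constructed test matrix: member/non-member x flagged/unflagged.
    for sender in ("alice@example.com", "carol@example.com"):
        for subject in ("[SEND SECURE] Q3 numbers", "lunch?"):
            print(sender, repr(subject), outbound_actions(sender, subject))
    print("unescaped pattern misfires on 'Status update':",
          unescaped_false_positive("Status update"))
```

The four sender/subject combinations printed here are the same cases worth sending through the test mail policies before moving the configuration to production.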