Solved: Difference between Senderbase and Service Logs

Siebe · ‎03-01-2021

Does someone know the difference and benefits between Senderbase and Service Logs. From Async 13.5 Service Logs will replace senderbase. According to the shared data per solution different data is offered to talos:

Senderbase: machine oriented:

https://www.cisco.com/c/en/us/td/docs/security/esa/esa12-0/user_guide/b_ESA_Admin_Guide_12_0/b_ESA_Admin_Guide_12_0_chapter_0100100.html

Service Logs, message oriented
https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5-1/user_guide/b_ESA_Admin_Guide_13-5-1/m_service_logs.html?bookSearch=true

Ken Stieers · ‎03-01-2021

So, those pages have tables as to what data they're working with.

I'm going to REALLY oversimplify this.

Senderbase cared about sending IP. If the IP sent junk, it would get marked as having a bad reputation.

Sender Domain Reputaion (SDR) cares about domains. Does the domain have a good/bad rep, no matter where they're sending from.

ServiceLogs is looking at more pieces of each mail, and building a more "machine learning" based set of markers for bad mail.

They're looking at the whole pattern of mail from a sender, and then seeing if a specific mail from them matches, etc.

View solution in original post

Ken Stieers · ‎03-01-2021

So, those pages have tables as to what data they're working with.

I'm going to REALLY oversimplify this.

Senderbase cared about sending IP. If the IP sent junk, it would get marked as having a bad reputation.

Sender Domain Reputaion (SDR) cares about domains. Does the domain have a good/bad rep, no matter where they're sending from.

ServiceLogs is looking at more pieces of each mail, and building a more "machine learning" based set of markers for bad mail.

They're looking at the whole pattern of mail from a sender, and then seeing if a specific mail from them matches, etc.