Trying to setup a content filter to search the body of the email for a sentence/phrase and not having a lot of luck getting it to work. Looking to setup a filter to match on "You'll make the payment through Bitcoin" so that I can send them to a quarantine for review and deletion. I have tried setting it via condition looking in Message Body contains text and another condition contains term in content dictionary and created a dictionary that includes the phrase in it. Not having any luck getting it to match. any help appreciated.
I would break it down and first test by looking for just one word like "Bitcoin" then I would expand it to "make the payment through Bitcoin" I think the apostrophe in the "You'll" may be tripping you up if you are not escaping it with a backslash "You\'ll"
also have you tried running your RegEx through a Regular Exprassion checker such as:
Also under System Administration there is a Trace utility that allows you to test what will happen to your message as it goes through the sausage maker machine, please give that a shot with the text you are searching for in the Paste Message Body section
you can also paste your actual filter here on the forum for smarter folks than me to look at
Thanks for the response. I actually figured it out this morning with support. The filter was correct but I have a few incoming mail policies and had to add the filter to the ones that didn't inherit the settings of the default policy.
IntroductionFeatured ExpertLive QuestionsQ: Can we integrate Cisco TR with third party security vendors like Malware protection for trend microQ: So, if we use Splunk SIEM, we could see that in the Threat Response console?Q: Can I use CTR with just FTD or...
Hello team I have configured guest access on ise which is working fine.But rigth now when requestion access, guest can put 4 numeric value in phone number fields. How to force use filling the account creation form with a minimum of 8 numer...
QuestionHello , somebody know if it´s possible to remove the device registration status from the MyDevices portal for the spanish page?By default the status is dispalyed (registered/Pending), this condition was fixed in the english page after load a...
Dears, Please note that I have ASA 5515 running version 9.4.(4)20 and managed through FDM. In addition, I have FMC version 188.8.131.52 for the IPS. I need to upgrade the only the ASA to the latest supported version that work with the FMC version 6.0...
To participate in this event, please use the button to ask your questions
This topic is a chance to clarify your questions about Cisco Threat Response, from its components and new features to ...