04-28-2017 08:14 AM
Hi Team,
Please let us know how to set field notices for our ESA and how to set alerts from the CLI/GUI. In the alerts display we see:
Potential Directory Harvest Attack detected. See the system mail logs for more information about this attack.
How do we detect/check the mail logs for the same?
04-28-2017 08:43 AM
Hi,
You can enable notifications for field notices using the below link.
http://www.cisco.com/cisco/support/notifications.html
Product Specific -> Security -> Email Security -> All Email Security -> Security Advisories & Responses and Field Notices.
Alerts on the ESA are configured under System Administration -> Alerts.
To understand the types of alerts, review the online help guide or the end user guide below:
http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-7/ESA_9-7_User_Guide.pdf
Page 33-32
Understanding DHAP alerts
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117847-technote-esa-00.html
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118936-technote-esa-00.html
Thank You!
Libin Varghese
05-03-2017 10:05 AM
Different options exist for the CLI part.
We have two log file forwarders of mail_logs to syslog and Splunk and have created scripts on the backend us on critical alerts.
Another way is Cygwin: write your script grepping the log files directly from the IronPorts.
There are samples on the Cisco website on how to do this - but be warned, it is a painful setup. Look for an IronPort book from Chris Porter; he had a good chapter on how to do this.
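
Added example, not part of any reply in this thread and not Cisco's sample code: one way to check forwarded mail_logs for the directory harvest alert quoted in the question and count hits per source host. The `ICID` and `host=(...)` field layouts, the function names and the sample lines are assumptions; adjust the patterns to what your appliance actually logs.

```python
import re
import sys
from collections import Counter

# Phrase taken from the alert text quoted in the question.
DHAP_PHRASE = re.compile(r"Directory Harvest Attack", re.IGNORECASE)
# Assumed field layouts; adjust to what your forwarded mail_logs contain.
ICID_RE = re.compile(r"\bICID (\d+)\b")
HOST_RE = re.compile(r"host=\('([^']+)'")

# Constructed sample lines, not captured from a real appliance.
SAMPLE_LINES = [
    "Fri Apr 28 08:01:10 2017 Info: New SMTP ICID 1001 address 203.0.113.5",
    "Fri Apr 28 08:01:12 2017 Warning: ICID 1001 Dropping connection due to "
    "potential Directory Harvest Attack from host=('203.0.113.5', None)",
    "Fri Apr 28 08:03:40 2017 Warning: ICID 1007 Dropping connection due to "
    "potential Directory Harvest Attack from host=('203.0.113.5', None)",
    "Fri Apr 28 08:09:02 2017 Warning: ICID 1015 Dropping connection due to "
    "potential Directory Harvest Attack from host=('198.51.100.7', None)",
    "Fri Apr 28 08:11:30 2017 Warning: Potential Directory Harvest Attack detected.",
]


def find_dhap_events(lines):
    """Return one record per log line that mentions a directory harvest attack."""
    events = []
    for lineno, line in enumerate(lines, 1):
        if not DHAP_PHRASE.search(line):
            continue
        icid = ICID_RE.search(line)
        host = HOST_RE.search(line)
        events.append({
            "line": lineno,
            "icid": icid.group(1) if icid else None,
            # Keep lines without a parsable host instead of dropping them.
            "host": host.group(1) if host else "unknown",
        })
    return events


def hosts_over_threshold(events, threshold=2):
    """Map each source host to its hit count when it reaches the threshold."""
    counts = Counter(e["host"] for e in events)
    return {h: n for h, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    # Pass a forwarded log file as the first argument, else use the samples.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LINES
    events = find_dhap_events(lines)
    for host, n in hosts_over_threshold(events).items():
        print(f"{host}: {n} DHAP hits, ICIDs {[e['icid'] for e in events if e['host'] == host]}")
```

Hosts that keep reappearing in the output are the ones to review against the sender group's DHAP limit in the mail flow policy.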