Hi,

bsrinu001 · ‎04-28-2017

Hi Team,

Please let us know how to set field notices for our ESA and how to set alerts from CLI/GUI and at display alerts we see

Potential Directory Harvest Attack detected. See the system mail logs for more information about this attack.

how to detect/check mails logs for the same.

Libin Varghese · ‎04-28-2017

Hi,

You can enable notifications for field notices using the below link.

http://www.cisco.com/cisco/support/notifications.html

Product Specific -> Security -> Email Security -> All Email Security -> Security Advisories & Responses and Field Notices.

Alerts on the ESA are configured under System Administration -> Alerts.

To understand the types of alerts review the online help guide or the end user guide below

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa9-7/ESA_9-7_User_Guide.pdf
Page 33-32

Understanding DHAP alerts
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/117847-technote-esa-00.html
http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118936-technote-esa-00.html

Thank You!
Libin Varghese

marc.luescherFRE · ‎05-03-2017

Different options exist for the CLI part.

We have two log files forwarders of mail_logs to syslog and splunk and have created scripts on the backend us on critical alerts.

Another ways is CGYWIN and write your script grepping the log files directly from the Ironports.

There are sample on Cisco website on how to do this - but be warned it is painfull setup. Look for an Ironport book from Chris Porter he had a good chapter on how to do this.

Field Notices and Display allerts