Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1214
Views
5
Helpful
5
Replies

Hide Message Bodies to Security Administrators

Go to solution
caetano.baiao
Level 1
Level 1

‎10-21-2016 03:17 AM

Hi guys,

We have a couple of C370 ESAs at our company and just recently implemented End-User Quarantine Access and also some quarantine based on Content Filters.  Due to the fact that our team still has to manage the quarantine for some of our top board members, we need to ensure that the message bodies are not accessible to our appliance administrator or at least that we are notified if anybody accesses any of the message bodies.

Any help would be greatly appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎10-21-2016 06:07 AM

Hi Caetano,

Currently this is not a modifiable option, The message body of the messages in the quarantine will be shown and a notification cannot be generated based on that.

I do see an internal feature request already created for this ability to be added, however there is no ETA on the same.

Thanks

Libin Varghese

View solution in original post

5 Replies 5

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee

‎10-21-2016 06:07 AM

Hi Caetano,

Currently this is not a modifiable option, The message body of the messages in the quarantine will be shown and a notification cannot be generated based on that.

I do see an internal feature request already created for this ability to be added, however there is no ETA on the same.

Thanks

Libin Varghese

Go to solution
caetano.baiao
Level 1
Level 1
In response to Libin Varghese

‎10-21-2016 06:49 AM

Thank you very much for your prompt reply, Libin.  Really appreciate it.

0 Helpful

Go to solution
caetano.baiao
Level 1
Level 1
In response to Libin Varghese

‎10-21-2016 07:33 AM

Hi Libin,

Just another quick question:

Are there any logs generated related to the access to message bodies?  Not notifications, but something that an audit team could look at at a later time?

Thanks,

Caetano

0 Helpful

Go to solution
Libin Varghese
Cisco Employee
Cisco Employee
In response to caetano.baiao

‎10-21-2016 09:20 AM

Caetano,

Although there are no logs to look for that specifically, however euq_logs and euqgui_logs (for spam quarantine) and gui_logs (for other quarantines) do track all activities.

Note: these logs are not very human readable friendly - as such TAC does not generally audit these logs due to the volume and broadness of the log.

You could see what entries are created on viewing such an email and compare those logs from time to time.

Libin

0 Helpful

Go to solution
caetano.baiao
Level 1
Level 1
In response to Libin Varghese

‎10-21-2016 09:29 AM

Once again, thanks a lot Libin.  Your input has been of great help to us.

Have a great weekend.

Caetano

0 Helpful
Customers Also Viewed These Support Documents