Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3073
Views
0
Helpful
8
Replies

Image Analysis best practice on ESA

mizwan.saib-c
Level 1
Level 1

‎05-13-2017 09:48 AM

Hi support community,

I recently bought image analysis license for ESA. I need you advise on the best practice to implement this feature. Kindly advise.

Thanks.

1 person had this problem
Labels:
0 Helpful
8 Replies 8

dmccabej
Cisco Employee
Cisco Employee

‎05-13-2017 01:06 PM

Hello,

The setup for Image Analysis is pretty straightforward. I would recommend using the default settings and then tweaking from there depending on your needs. 

You can find more info on configuration of Image Analysis in the User Guide here : Image Analysis.

Thanks!

-Dennis M.

0 Helpful

mizwan.saib-c
Level 1
Level 1
In response to dmccabej

‎05-15-2017 05:25 PM

Hello dmccabej,

Thank you for the guide. :)

0 Helpful

mizwan.saib-c
Level 1
Level 1
In response to dmccabej

‎06-07-2017 09:39 PM

Hello. I would to know how to the test Image Analysis functionality? Currently we had raised the sensitivity from 65 to 75 but then still no image been quaratine or block. What will happened when I increase the sensitivity until 100? Kindly advise us how this feature working and how it rate the image. 

Thanks

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee
In response to mizwan.saib-c

‎06-08-2017 03:07 AM

Hi,

The higher the score threshold the less the chances of it being inappropriate.

Cisco fingerprinting determines the file type, and the image analyzer uses algorithms to analyze the image content. The scoring mechanism used is Cisco proprietary.

Lowering the sensitivity settings would increase chances of images getting caught, however can lead to false positives.

The following values are recommended:
• Clean: 0 to 49
• Suspect: 50 to 74
• Inappropriate: 75 to 100

- Libin V

0 Helpful

abdulhadizamri
Level 1
Level 1
In response to Libin Varghese

‎06-08-2017 07:54 PM

Hi Libin,

I go through the ESA 10-0-1 User Guide and found the statement as below:

For example, if you find that you are getting false positives, you can decrease the sensitivity setting. Or, conversely, if you find that the image scanning is missing inappropriate content, you may want to set the sensitivity higher. The sensitivity setting is a value between 0 (no sensitivity) and 100 (highly sensitive). The default sensitivity setting of 65 is recommended.

Need your advise which one is correct? lower is more sensitive or high is more sensitive?

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee
In response to abdulhadizamri

‎06-09-2017 02:32 AM

Lower is more sensitive. (can cause false positives as it would catch more content).

Higher is less sensitive. (can cause false negatives as it would catch less content).

And 65 is recommended.

- Libin V

0 Helpful

Sriram Subramanian
Cisco Employee
Cisco Employee

‎05-15-2017 06:31 AM

Hello,

You can find additional information related to Cisco ESA Image Analysis below:

http://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118557-technote-esa-00.html

0 Helpful

mizwan.saib-c
Level 1
Level 1
In response to Sriram Subramanian

‎05-15-2017 05:27 PM

Hi Sriram Subramanian,

Thank you the extra information. Makes me understand image analysis better. :)

0 Helpful
Customers Also Viewed These Support Documents