Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2542
Views
0
Helpful
1
Replies

IronPort Alert when a Message is dropped AMP

Go to solution
anotthak8
Level 1
Level 1

‎06-09-2016 03:14 PM

I am wondering if there is a way that an email alert can be generated whenever a message is dropped by AMP.

Any insight will be helpful. Thank you in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎06-09-2016 05:13 PM

Hello Anotthak,


The only option I can think of is, set Malicious AMP to 'deliver' but add a header.

Then add a content filter to look for this header, and send a notification to your administrator or so and drop the email after.


However I had noted an issue when this is used, if the email gets sent to the AMP quarantine and released for the AMP rescan, if it's deemed malicious, it will deliver the email as is - this is because a second rescan would not put the email through the content filters again.


Regards,

Matthew

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Mathew Huynh
Cisco Employee
Cisco Employee

‎06-09-2016 05:13 PM

Hello Anotthak,


The only option I can think of is, set Malicious AMP to 'deliver' but add a header.

Then add a content filter to look for this header, and send a notification to your administrator or so and drop the email after.


However I had noted an issue when this is used, if the email gets sent to the AMP quarantine and released for the AMP rescan, if it's deemed malicious, it will deliver the email as is - this is because a second rescan would not put the email through the content filters again.


Regards,

Matthew

0 Helpful
Customers Also Viewed These Support Documents