To see the URL information in your mail_logs only (at the moment).
You will need to enable URL logging to be done via the outbreakfilterconfig via the command line.
Outbreak Filters: Enabled
Choose the operation you want to perform: - SETUP - Change Outbreak Filters settings. - CLUSTERSET - Set how the Outbreak Filters are configured in a cluster. - CLUSTERSHOW - Display how the Outbreak Filters are configured in a cluster. > setup
Outbreak Filters: Enabled Would you like to use Outbreak Filters? [Y]>
Outbreak Filters enabled.
Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or back down below), meaning that new messages of certain types could be quarantined or will no longer be quarantined, respectively.
Would you like to receive Outbreak Filter alerts? [N]>
What is the largest size message Outbreak Filters should scan? >
Do you want to use adaptive rules to compute the threat level of messages? [Y]>
Logging of URLs is currently disabled.
Do you wish to enable logging of URL's? [N]> y
Logging of URLs has been enabled.
The Outbreak Filters feature is now globally enabled on the system. You must use the 'policyconfig' command in the CLI or the Email Security Manager in the GUI to enable Outbreak Filters for the desired Incoming and Outgoing Mail Policies.
Note: Ensure that you commitany and all changes to your configuration before you proceed from either the GUI or the CLI on your ESA.
You can see the steps to enable it in this article:
Usually no news means good news in security, but how do you know what is working, what could be better and where you should invest? Introducing the Cisco Security Outcomes Study.
We commissioned an independent survey of 4,800 active security a...
Cisco is happy to announce their Fall release, FTD 6.7/ASA 9.15.1/FXOS 2.9, which consists of 104 features across 24 initiatives, addressing technical debt while staying true to our five core investment areas: Ease of Use and Deployment, Unified Policy an...
Hi Team, I have one exclusion provided by internal team which is Is it right way to exclude ? *\Program Files\XYZ\* , as per Cisco Docs i see its not recommended because it will create performance issue when we use * at starting , So...
Central Log Management using Cisco Security Analytics and Logging, December 2nd at 8am-9:30am PT
Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a c...