To see the URL information in your mail_logs only (at the moment).
You will need to enable URL logging to be done via the outbreakfilterconfig via the command line.
Outbreak Filters: Enabled
Choose the operation you want to perform: - SETUP - Change Outbreak Filters settings. - CLUSTERSET - Set how the Outbreak Filters are configured in a cluster. - CLUSTERSHOW - Display how the Outbreak Filters are configured in a cluster. > setup
Outbreak Filters: Enabled Would you like to use Outbreak Filters? [Y]>
Outbreak Filters enabled.
Outbreak Filter alerts are sent when outbreak rules cross the threshold (go above or back down below), meaning that new messages of certain types could be quarantined or will no longer be quarantined, respectively.
Would you like to receive Outbreak Filter alerts? [N]>
What is the largest size message Outbreak Filters should scan? >
Do you want to use adaptive rules to compute the threat level of messages? [Y]>
Logging of URLs is currently disabled.
Do you wish to enable logging of URL's? [N]> y
Logging of URLs has been enabled.
The Outbreak Filters feature is now globally enabled on the system. You must use the 'policyconfig' command in the CLI or the Email Security Manager in the GUI to enable Outbreak Filters for the desired Incoming and Outgoing Mail Policies.
Note: Ensure that you commitany and all changes to your configuration before you proceed from either the GUI or the CLI on your ESA.
You can see the steps to enable it in this article:
thank you very much for this solution. It really took me a while to find this post. It just works like a charm. Now we are able to see all URLs within an e-mail, as well as matched category and URL defang action, logged in the mail_logs - Great!