Macro-Detection Logs

Ali
Level 4

Hi Community,

Currently running ESA C390, which is integrated with SMA.

We have the Macro-Detection Content Filter enabled, and I am getting the report of Macro-Detection on SMA that matches the policy.

We have a requirement that the same macro-detection report needs to be shown on an external RSA server when the policy matches.

When I am configuring the "Add Log Subscription" from my ESA, I am not able to find Macro-Detection in the drop-down list.

How can I configure this? Any needful suggestion would be highly appreciated.

Thanks.

1 Reply 1

Mathew Huynh
Cisco Employee

Hello Ali,

There would be no individual log for Macro detection matches.

An alternative is to create an "Add Log-entry" content filter action for your macro detection filters to log some meaningful information.

This information is stored in your current mail_logs, which you can grep for the log entry you're adding; it'll yield every unique MID which matched the content filter successfully.

So you could push the mail_logs out and run a script to pull the required information if required.

Regards,

Matthew
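
The approach described in the reply above, as an added example that is not part of the original thread and not Cisco's own code: a script that scans exported mail_logs text for the filter's log entry and returns one record per unique MID with sender, recipients and subject. The marker string `MACRO_DETECTED`, the function name and the sample lines are constructed, and the line layout (`MID <n> Custom Log Entry: ...`) is an assumed mail_logs format.

```python
import re

# Hypothetical marker text set in the content filter's log-entry action.
MARKER = "MACRO_DETECTED"

# Constructed sample lines; the layout is an assumed mail_logs format.
SAMPLE_LOG = """\
Tue Mar  5 10:15:01 2019 Info: MID 4101 ICID 88 From: <sender@example.org>
Tue Mar  5 10:15:01 2019 Info: MID 4101 ICID 88 RID 0 To: <user1@example.com>
Tue Mar  5 10:15:02 2019 Info: MID 4101 Subject 'Invoice'
Tue Mar  5 10:15:03 2019 Info: MID 4101 Custom Log Entry: MACRO_DETECTED filter=macro_in
Tue Mar  5 10:16:10 2019 Info: MID 4102 ICID 89 From: <news@example.net>
Tue Mar  5 10:16:11 2019 Info: MID 4102 Subject 'Newsletter'
Tue Mar  5 10:17:30 2019 Info: MID 4103 ICID 90 From: <hr@example.org>
Tue Mar  5 10:17:30 2019 Info: MID 4103 ICID 90 RID 0 To: <user3@example.com>
Tue Mar  5 10:17:30 2019 Info: MID 4103 ICID 90 RID 1 To: <user4@example.com>
Tue Mar  5 10:17:31 2019 Info: MID 4103 Subject 'Form'
Tue Mar  5 10:17:32 2019 Info: MID 4103 Custom Log Entry: MACRO_DETECTED filter=macro_in
Tue Mar  5 10:17:32 2019 Info: MID 4103 Custom Log Entry: MACRO_DETECTED filter=macro_in
"""

LINE = re.compile(r"^(?P<ts>.+?) Info: MID (?P<mid>\d+) (?P<rest>.*)$")

def macro_hits(log_text, marker=MARKER):
    """Return one record per unique MID whose custom log entry contains marker."""
    msgs, hits = {}, {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        mid, rest = m["mid"], m["rest"]
        rec = msgs.setdefault(mid, {"mid": mid, "from": None, "to": [], "subject": None})
        # Check free-text fields first so a subject containing "From: <...>"
        # cannot overwrite the envelope sender.
        if rest.startswith("Custom Log Entry:"):
            if marker in rest:
                hits.setdefault(mid, m["ts"])  # duplicates keep the first timestamp
        elif rest.startswith("Subject "):
            rec["subject"] = rest[len("Subject "):].strip("'\"")
        elif (f := re.search(r"\bFrom: <(.*?)>", rest)):
            rec["from"] = f[1]
        elif (t := re.search(r"\bTo: <(.*?)>", rest)):
            rec["to"].append(t[1])
    return [dict(msgs[mid], first_seen=ts) for mid, ts in hits.items()]

if __name__ == "__main__":
    for hit in macro_hits(SAMPLE_LOG):
        print(hit)
```

Each returned record can be written out as a single line for the external log server, so the receiver gets one event per matching message rather than the full mail_logs stream.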