02-13-2023 08:42 PM
I would like to understand what solutions/integrations are available with ESA for the questions below.
1. Retrospective email response from an Exchange mailbox, if a false negative email is delivered through ESA?
2. Suspicious email reporting by end-users?
02-14-2023 07:16 AM
02-14-2023 09:03 PM
Thanks Ken for taking time to answer my question.
However, I need clarification on MAR (Mailbox Auto Remediation) under the AMP module in ESA. My understanding is that "ESA can integrate with on-prem Exchange and O365 Exchange to pull the AMP false negative emails".
Also, from Message Tracking in the new ESA portal with 4431 port, we can manually pull/quarantine the emails from on-prem Exchange and O365 Exchange.
Response on these will be highly appreciated. Many thanks.
02-14-2023 10:18 PM
Hello there,
Indeed, MAR allows the ESA to take an action on emails whose attachment was previously determined benign and retrospectively classified as malicious. Integration can be done with both Office 365 and on-premises Exchange. Here is a good article explaining how the integration is done and going over deeper details about the process: cisco.com/c/en/us/support/docs/security/email-security-appliance/211404-How-to-configure-Azure-AD-and-Office-365.html.
About the message tracking remediation, you may take a look at search and remediate, which allows you to take action on emails displayed in message tracking without waiting for a retrospective verdict from AMP. Here is more information about this: https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5-1/user_guide/b_ESA_Admin_Guide_13-5-1/b_ESA_Admin_Guide_12_1_chapter_010101.html#con_1096601
Hope it helps.
Cheers.
02-15-2023 05:24 AM
Thanks Jose for the clarification. One last question - Can an "on-prem virtual ESA" be integrated with Exchange to pull the malicious emails, or only Cloud ESA?
02-15-2023 09:34 AM
Hello,
Yes, you can integrate a virtual ESA based on-prem with MAR.
Cheers.
02-15-2023 04:46 AM
02-15-2023 05:25 AM
Hi Ken - Can an "on-prem virtual ESA" be integrated with Exchange to pull the malicious emails, or is it only possible with Cloud ESA?
02-15-2023 05:31 AM