Hello,
Our customer would like to know if there a way to log all URLs seen by the ESA during email inspection?
I mean even if the ESA thinks the URL is not malicious we would like to get a trace of all url so that we can investigate in case a user receive something bad.
The idea would be that by searching the URL in the logs we can see which users received it.
I was thinking of an URL reputation content filter with a condition:
if URL Reputation is -10;10 or noscore then add a log entry.
But does this dramaticaly use more ressources on the appliance? and is it a best practices ?
Thanks for any advices