01-15-2021 07:54 AM
Hello
Is there a way to know a mail that goes to quarantine for which URL it goes for?
Are there any logs indicating the exact reason for a quarantined email?
Regards,
Konstantinos
01-15-2021 08:10 AM
That might need a few small changes on your side to be even more helpfull.
The starting point is to use message tracking and check for the URL category filter. This will allow to search if a category filter was the reason. Then you can open the message and check for the URL details to tell you exactly what was happening and which URL triggered the event.
If this not granular enough you can look at the raw data in mail_logs to find out more.
I hope that helps.
-Marc
-
01-19-2021 03:45 AM - edited 01-19-2021 03:57 AM
Hello,
Thanks for the answer @marc.luescherFRE
When you say to check the URL, you mean through ESA or externally?
I will try to test that and see how it goes
Thank you
01-19-2021 08:26 AM
I would first start by checking the URL verdict as reported by the ESA/SMA in message tracking.
Then you might want to get a second opinion on virustotal should you not agree.
01-22-2021 01:18 AM
Hello again!!
I checked the URL of the body and they are fine.
There is also an attachment, but I cannot in the message tracking if it has a malicious URL.
Nevertheless the message is quarantined due to URL category.
I have a filter in Content filter for this job in the policy
I would like to ask if the URL logging in oubreak filters will allow the URL details when the URL is found in another section and not in outbreak filters.
Regards,
Konstantinos
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide