cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

Email Security - what capabilities does it provide and how can I integrate it with Threat Response?

238
Views
0
Helpful
0
Comments

Threat Response integrates with Cisco Email Security in one of two ways: Directly from the ESA, or via an SMA. Each has its own module, but either will bring email visibility into your investigations performed in Threat Response.

 

Via an SMA:

The SMA (Security Management Appliance) module is an enrichment module. The SMA module allows investigators to take actions such as searching email records for sender email and IP, email subject and message header, among other elements, across data from all ESAs connected to that SMA.

To integrate your SMA with Threat Response, you may use the quick start guide for SMA, or review the in product configuration steps

 

ESA direct integration:

The ESA (Email Security Appliance) module is an enrichment module. The ESA module allows investigators to take actions such as searching email records for sender email and IP, email subject and message header, among other elements, across data from the one ESA configured with that module. Multiple ESA modules may be configured, if the user has multiple ESAs.

To integrate your ESA with Threat Response, review the in product configuration steps



Learn more about Threat Response here, or check out other FAQs here

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here