Showing results for 
Search instead for 
Did you mean: 

Email Security - what capabilities does it provide and how can I integrate it with Threat Response?


Threat Response integrates with Cisco's Email Security Appliance (ESA) to provide Visibility into email-bourne threats. By adding an Email Security or SMA Email module to Threat Response, investigators will be able to search for email subject lines, email addresses, Cisco Message IDs, IP addresses, domains, URLs, attachment file names, and attachment file hashes that have been recorded by your ESA, or by your SMA managing ESA devices. 


Threat Response integrates with Cisco Email Security in one of two ways: Directly from the ESA, or via an SMA. Each has its own module, but either will bring email visibility into your investigations performed in Threat Response. 

Both modules (ESA and SMA Email) are enrichment modules. The ESA and/or SMA modules allows investigators to take actions such as searching email records for sender email and IP, email subject and message header, among other elements, across data from either one ESA (ESA module) or all ESAs connected to the SMA (SMA module). Multiple ESA modules may be configured, if the user has multiple ESAs but no SMA. The SMA module also handles Cloud Email Security (CES).


For a guided step by step walkthrough on how to quickly configure these products to work with Threat Response, view the Quick Start Guide here:


For additional information, consult the in product documentation:

ESA module: in product configuration steps

SMA email module: in product configuration steps


Learn more about Threat Response here, or check out other FAQs here