Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About joelbland
09-11-2019
Stats
Member since
09-12-2016
21
Posts
5
Helpful
2
Solutions
07-12-2019
08:40 AM
@OlivierAvilez - The Disclaimer Template supports HTML and inline CSS. Here's an example with some red text. The code includes formatting for both Outlook and standard HTML clients: <!--[if mso]>
<div class="WordSection1"><table class="MsoTableGrid" style="border-collapse:collapse;border:none" cellspacing="0" cellpadding="0" border="0"><tbody><tr style="height:15.0pt"><td style="width:4.3pt;background:#C00000;padding:7.9pt .7pt 8.65pt .7pt;height:15.0pt" width="6" valign="top"><p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Segoe UI Semibold",sans-serif;color:black"><o:p> </o:p></span></p></td><td style="width:687.35pt;background:#FDF2F4;padding:7.9pt .7pt 8.65pt .7pt;height:15.0pt" width="916" valign="top"><p class="MsoNormal"><span style="font-size:11.5pt;font-family:"Segoe UI Semibold",sans-serif;color:black">The e-mail below is from an external source.<span style="color: DarkRed;"> Do not open attachments or click links</span> from an unknown source.<br>Forward suspicious emails to user@domain.com</p></td></tr></tbody></table><![endif]-->
<!--[if !mso]><!-->
<div style="color: #212121;background-color:#FDF2F4;border-left: 5px solid DarkRed; padding:10px 2px 5px 10px;font-family: Segoe UI Semibold,-apple-system,BlinkMacSystemFont,San Francisco,Roboto,Helvetica Neue,Arial; font-weight:500; font-size:15px; text-decoration: none; color: #000000; text-align:left;"><p>The e-mail below is from an external source.<span style="color: DarkRed;"> Do not open attachments or click links</span> from an unknown source.<br>Forward suspicious emails to user@domain.com</p>
<!--<![endif]--> Be sure to style your HTML inline so that any CSS in the body of the email doesn't override your disclaimer's formatting. W3 is a good resource for learning about HTML and CSS - https://www.w3schools.com/html/html_css.asp
... View more
04-19-2019
12:49 PM
Thanks, @marc.luescherFRE My Splunk skills are very basic, so I'm probably doing this wrong, but I'm charting CPU and RAM with: timechart avg(CPU_Total) by host and index=* RAM_Used>0 | timechart span=1h avg(RAM_Used) by host where CPU_Total and RAM_Used are field extractions from the status log.
... View more
04-12-2019
06:14 AM
Huge thanks to @marc.luescherFRE and @Paul Thomas Cyblue for providing these excellent Splunk examples. Following your guidance, @Paul Thomas Cyblue, I was able to quickly get a proof-of-concept dashboard working in my lab. Thanks!
... View more
Created by
joelbland
in Email Security
in Email Security
04-08-2019
01:36 PM
04-08-2019
01:36 PM
For Anti-Spam we're using Positive > 75 Suspect > 40
... View more
04-05-2019
07:25 AM
@Paul Thomas Cyblue - that's correct. CLI > logconfig > setup System metrics frequency (seconds):
[60]>
... View more
04-05-2019
06:23 AM
Very nice, Marc! Thanks for sharing. Perhaps you could provide the community with some guidance on how to get Splunk setup for this? Thanks! Joel
... View more
04-02-2019
09:40 AM
Hi Ken, The data is retrieved from the API when the page loads. No data is stored for the historical stats. Currently, the Historical page returns stats for the previous day, but could be modified to show the last 7 days, for example, by changing the API query.
... View more
04-02-2019
07:35 AM
Hello IronPort Admins, I recently built a web-based dashboard to help me monitor key health statistics for the ESAs in our environment. I'm sharing the code here so that others might benefit. The HTML is written using the Bootstrap3 framework, so it's easy to update the look of the page. The PHP can be modified to query the ESA API for other information as well. All you need is a web server running PHP that can access your ESA's API port to query the statistics. https://github.com/blandco/esa-health I appreciate any feedback. Please let me know if you have any questions. Thanks, Joel
... View more
Labels:
Created by
joelbland
in Email Security
in Email Security
12-20-2018
10:59 AM
12-20-2018
10:59 AM
@Phil Bradley - like @munbali said, you can leave the Conditions blank to match everything. Or you can detect yourdomain.com in the Header From by adding the 'Other Header' condition.
... View more
12-19-2018
12:55 PM
Hi all,
Our team has been working on a regular expression for detecting bitcoin addresses. I'd like to get your feedback on our RegEx and see what others are doing to detect crypto currency addresses in email.
The RegEx we're using in our Dictionary is:
(\s|^|\:)[1|3][a-km-zA-HJ-NP-Z0-9]{26,34}(\s|$|\.)
Our regex includes some additions besides the standard bitcoin regex. The additions address some specific samples we saw in our environment, such as a colon before the address or a period following the address.
Please let me know if you have any improvements to the RegEx or other strategies for detecting bitcoin addresses.
Thanks!
P.S. - It would be ideal if the ESA could perform the address validation via a Smart Identifier.
"...i n the spec itself they suggest to avoid using a RegEx or a length and content check to validate a Bitcoin address string, and points to this thread , where they show a validator that “does a “deep” validation, checking that the checksum built into every bitcoin address matches the address.”
http://mokagio.github.io/tech-journal/2014/11/21/regex-bitcoin.html
... View more
Labels:
Created by
joelbland
in Email Security
in Email Security
11-29-2018
11:56 AM
11-29-2018
11:56 AM
@elbeshti - the selector can be any value you choose. The selector allows a single domain to host multiple public keys.
... View more
Created by
joelbland
in Email Security
in Email Security
04-25-2018
10:24 AM
04-25-2018
10:24 AM
Thanks, Mathew. I'll submit a feature request to TAC.
... View more
04-19-2018
07:51 AM
Hello,
I'm attempting to validate an incoming content filter using the Trace function before committing the changes to the ESA, however, it appears that it doesn't actually evaluate the country code from the IP address given. However, if I commit the change and review the mail_logs, the ESA matches on the country code.
Example filter:
Trace Information:
IP Address = 178.250.144.155
Senderbase indicates this IP is located in the Netherlands.
(https://talosintelligence.com/reputation_center/lookup?search=178.250.144.155)
However, the Trace results do not reflect that:
While the mail_logs do correctly reflect this, only when the content filter has been committed:
Info: MID123456 Custom Log Entry: Detect-NL-LogEntry detected connection from the Netherlands on IP 178.250.144.155
Should the ESA evaluate the country code in the Trace function?
Thanks!
... View more
Labels:
04-05-2018
09:05 AM
The use case for this was ingestion of specific headers into our SIEM platform. As Marc points out, logging everything is a potential performance hit. We ultimately decided to use log-entry actions to target the specific headers we needed. This also allowed us to format the log lines for easier parsing by our SIEM.
For example:
log-entry("hostname=\"$Hostname\" direction=\"inbound\" size=\"$BodySize\" env_sender=\"$envelopefrom\" policy=\"$Policy\" listener=\"$RecvListener\" interface=\"$RecvInt\" src_ip=\"$RemoteIP\" src_host=\"$remotehost\" message_id=\"$Header['Message-ID']\"")
... View more
09-29-2017
08:33 AM
We are still experiencing this issue in AsyncOS 11.0.0-264. Is there an estimate on when this will be resolved? Thanks
... View more
07-12-2019
@OlivierAvilez - The Disclaimer Template supports HTML and inline
CSS.Here's an example with some re...
04-19-2019
Thanks, @marc.luescherFRE My Splunk skills are very basic, so I'm
probably doing this wrong, but I'm...
04-12-2019
Huge thanks to @marc.luescherFRE and @Paul Thomas Cyblue for providing
these excellent Splunk exampl...
Created by
joelbland
in Email Security
04-08-2019
04-08-2019
For Anti-Spam we're using Positive > 75Suspect > 40
04-05-2019
@Paul Thomas Cyblue - that's correct.CLI > logconfig > setupSystem
metrics frequency (seconds): [60]...
04-05-2019
Very nice, Marc! Thanks for sharing. Perhaps you could provide the
community with some guidance on h...
04-02-2019
Hi Ken,The data is retrieved from the API when the page loads. No data
is stored for the historical ...
04-02-2019
Hello IronPort Admins,I recently built a web-based dashboard to help me
monitor key health statistic...
12-20-2018
@Phil Bradley - like @munbali said, you can leave the Conditions blank
to match everything. Or you c...
12-19-2018
Hi all, Our team has been working on a regular expression for detecting
bitcoin addresses. I'd like ...
11-29-2018
@elbeshti - the selector can be any value you choose. The selector
allows a single domain to host mu...
04-19-2018
Hello, I'm attempting to validate an incoming content filter using the
Trace function before committ...
04-05-2018
The use case for this was ingestion of specific headers into our SIEM
platform. As Marc points out, ...
Public Statistics
| Date Registered | 09-12-2016 05:58 AM |
| Date Last Visited | 09-11-2019 02:07 AM |
| Total Messages Posted | 21 |
| Total Helpful Votes Received | 5 |
Helpful Votes Given To
| User | Helpful Count |
|---|---|
| 15 | |
| 25 | |
| 5 | |
| 5 | |
| 5 |
