Cisco Email Security Appliance C170 Operating Instructions
14-5
Cisco AsyncOS 8.5 for Email User Guide
Chapter 14 Outbreak Filters
How Outbreak Filters Work
Figure 14-1 Cisco Security Splash Screen Warning
The only way to access the Cisco web security proxy is through a rewritten URL in a message. You
cannot access the proxy by typing a URL in your web browser.
Tip
To redirect all URLs in suspected spam messages to the Cisco Web Security proxy service, see
Modifying Messages
The Outbreak Filters feature modifies the message body of a non-viral threat message not only to rewrite
the URLs but to alert the user that the message is a suspected threat. The Outbreak Filters feature can
modify the subject header and add a disclaimer about the message’s content above the message body.
See
for more information.
The threat disclaimer is created using the Disclaimer template through the Mail Policies > Text
Resources page. See
for more information.
Types of Rules: Adaptive and Outbreak
Two types of rules are used by Outbreak Filters to detect potential outbreaks: Adaptive and Outbreak.
The Outbreak Filters feature uses these two rule sets to provide the highest efficacy and the most focused
set of criteria for threat detection, so that filters can be targeted at a particular outbreak. The
Outbreak Filters rules and actions are visible to the administrator rather than hidden behind the scenes,
providing instant access to quarantined messages and the reason why they were quarantined.
Outbreak Rules
Outbreak Rules are generated by the Cisco Threat Operations Center (TOC), which is a part of the Cisco
Security Intelligence Operations, and focus on the message as a whole, rather than just attachment
file types. Outbreak Rules use SenderBase data (real-time and historical traffic data) and any combination
of message parameters such as attachment file type, file name keywords, or anti-virus engine update to
recognize and prevent outbreaks in real time. Each Outbreak Rule is given a unique ID used to refer to the
rule in various places in the GUI (such as the Outbreak quarantine).