Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
11-6
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
•
Sending messages to an alternate destination mailhost.
•
Sending copies (bcc) of messages to other recipients. (For example, you could copy messages with
critical DLP violations to a compliance officer’s mailbox for subsequent examination.)
critical DLP violations to a compliance officer’s mailbox for subsequent examination.)
•
Sending a DLP violation notification message to the sender or other contacts, such as a manager or
DLP compliance officer.
DLP compliance officer.
Message actions can be taken on all DLP policy severity levels except Ignore. See
for more information on severity levels for RSA Email DLP.
Note
These actions are not mutually exclusive: you can combine some of them within different DLP policies
for various processing needs for different user groups. You can also configure different treatments based
on the different severity levels in the same policy. For example, you may want to quarantine messages
with critical DLP violations and send a notification to a compliance officer but deliver messages with
low severity levels.
for various processing needs for different user groups. You can also configure different treatments based
on the different severity levels in the same policy. For example, you may want to quarantine messages
with critical DLP violations and send a notification to a compliance officer but deliver messages with
low severity levels.
For RSA Email DLP, specify the message actions you want your DLP policies to use when creating or
editing the policies using the DLP Policy Manager. See
editing the policies using the DLP Policy Manager. See
for more
information.
For RSA Enterprise Manager, create the message actions on your Email Security appliance first. The
appliance sends the names and metadata of the message actions to Enterprise Manager, allowing you to
use the actions in the DLP policies you create and manage in Enterprise Manager. See the RSA
Enterprise Manager technical documentation for more information.
appliance sends the names and metadata of the message actions to Enterprise Manager, allowing you to
use the actions in the DLP policies you create and manage in Enterprise Manager. See the RSA
Enterprise Manager technical documentation for more information.
If you upgrade an appliance with existing DLP policies to AsyncOS 7.6, the operating system
automatically converts the actions defined in the existing policies into message actions and updates the
policies accordingly. AsyncOS generates names for the message actions but you can rename them using
the DLP Message Actions page in the GUI. For information on renaming actions, see
automatically converts the actions defined in the existing policies into message actions and updates the
policies accordingly. AsyncOS generates names for the message actions but you can rename them using
the DLP Message Actions page in the GUI. For information on renaming actions, see
The DLP Message Actions page displays a list of the actions on your appliance. Click the Policies link
in the Message Actions table to see the policies to which each action is assigned. Click the Description
link to see a description of each action.
in the Message Actions table to see the policies to which each action is assigned. Click the Description
link to see a description of each action.
Figure 11-1
List of Actions on an Email Security Appliance
Creating a Message Action
Step 1
Select Mail Policies > DLP Message Actions.
Step 2
Click Add Message Action. The Add Message Action page is displayed.