Cisco Email Security Appliance C160 User Guide
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 18 Data Loss Prevention
RSA Enterprise Manager
Using LDAP to Identify Message Senders for Enterprise Manager
When the Email Security appliance sends DLP incident data to Enterprise Manager, the appliance must
include the complete LDAP distinguished names in order to identify message senders. The appliance
retrieves this information from an LDAP server.
Before You Begin
• Complete all steps to this point in the table in . The User Distinguished Name Query option is not available unless you follow these instructions.
• Create an LDAP server profile on your Email Security appliance. See for more information.
• Create a query string that the appliance will use to retrieve the complete distinguished name unless you want to use the default query. For Active Directory servers, the default query string is (proxyAddresses=smtp:{a}). For OpenLDAP servers, the default query string is (mail={a}). You can define your own query and email attributes, including multiple attributes separated by commas.
Procedure
Step 1  Select System Administration > LDAP on the Email Security appliance.
Step 2  Edit the profile for the LDAP server you want to use.
Step 3  Select the check box for User Distinguished Name Query.
        This option is available only if you have selected RSA Enterprise Manager as the DLP deployment option.
Step 4  Enter a name for the query.
Step 5  Enter the query string for retrieving the user distinguished name.
Step 6  Click the button to test your query.
Step 7  Submit and commit your changes.
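As an added illustration (not part of the Cisco guide and not appliance code), this Python sketch checks a query string of the kind entered in Step 5 and shows the LDAP filter it expands to for a given sender. It assumes {a} stands for the sender's email address and applies RFC 4515 escaping as this example's own choice; all function names are hypothetical.

```python
# Added example: hypothetical helper names, not appliance code.
# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an address so it is treated as literal data in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return a list of problems in a query-string template (empty if none)."""
    problems = []
    if "{a}" not in template:
        problems.append("missing {a} token")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter must be enclosed in parentheses")
    depth = 0
    for ch in template:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ")" appeared before its matching "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


def expand(template, address):
    """Substitute the escaped address for every {a} token (assumed meaning)."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace("{a}", escape_filter_value(address))


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real directory.
    for tmpl in ("(proxyAddresses=smtp:{a})", "(mail={a})"):
        for addr in ("alice@example.com", "o(ps)*@example.com"):
            print(tmpl, "->", expand(tmpl, addr))
```

Running the check before Step 6 catches a malformed template early; the appliance's own test button remains the authoritative check against the real directory.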
About Associating Outgoing Mail Policies with DLP Policies in Enterprise Manager Deployments
You will use Enterprise Manager to associate Outgoing Mail Policies with DLP policies, in order to
specify which DLP policies apply to which senders and recipients. For information, see the RSA
Enterprise Manager documentation. Enterprise Manager sends this information to the Email Security
appliances for use when scanning messages.
Unlike with RSA Email DLP, outgoing mail policies cannot use the default mail policy’s DLP settings
when Enterprise Manager is enabled. If a mail policy is not specified for a DLP policy in Enterprise
Manager, DLP scanning is not enabled on the mail policy.
Migrating from RSA Email DLP to RSA Enterprise Manager
If you want to migrate your existing RSA Email DLP configuration to RSA Enterprise Manager, you can
export your DLP configuration to a .zip file that you can upload to Enterprise Manager before switching
the appliance from RSA Email DLP mode to RSA Enterprise Manager mode.