Cisco Email Security Appliance C650 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 21 Automatically Remediating Messages in Office 365 Mailboxes
Performing Remedial Actions on Messages Delivered to End Users When the Threat Verdict Changes to Malicious
Workflow
1. Message with an attachment reaches the appliance.
2. The appliance queries the AMP server to evaluate the reputation of the attachment.
3. The AMP server sends the verdict to the appliance. The verdict is clean or unknown.
4. The appliance releases the message to the recipient.
5. After a certain period, the appliance receives a verdict update from the AMP server. The new verdict is malicious.
6. The appliance performs the configured remedial action on the message (with malicious attachment) residing in the recipient’s mailbox.
How to Perform Remedial Actions on Messages Delivered to End Users When the Threat Verdict Changes to Malicious
[Figure: Workflow among the Email Security Appliance, the AMP Server, and Microsoft Office 365: (1) Message with attachment reaches the appliance; (2) Check reputation of the attachment; (3) Verdict is clean or unknown; (4) Release the message to the recipient; (5) Verdict Update: Attachment is malicious; (6) Perform remedial action.]
          Do This                                            More Info
Step 1    Review the prerequisites.
Step 2    Register Email Security appliance as an application on Azure AD (Azure Management Portal).