Cisco Cisco Email Security Appliance C160 Mode D'Emploi
15-33
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 15 Data Loss Prevention
Message Actions
Defining Actions to Take for DLP Violations (Message Actions)
Before You Begin
•
Create at least one dedicated quarantine to hold messages (or copies of messages) that violate DLP
policies.
policies.
This can be a local quarantine on an Email Security appliance or a centralized quarantine on a
Security Management appliance.
Security Management appliance.
For deployments with Enterprise Manager:
–
Set a timeout large enough for Enterprise Manager to complete its tasks.
–
Consider automatic actions carefully; although quarantined messages must be managed in
Enterprise Manager, the Email Security appliance still releases or deletes quarantined messages
when the quarantine exceeds the allotted space.
Enterprise Manager, the Email Security appliance still releases or deletes quarantined messages
when the quarantine exceeds the allotted space.
For information, see
•
If you want to encrypt messages before delivery, make sure you have set up an encryption profile.
See
See
•
To include disclaimer text when delivering messages with DLP violations or suspected violations,
specify disclaimer text in Mail Policies > Text Resources. For information, see
specify disclaimer text in Mail Policies > Text Resources. For information, see
•
To send a notification to the sender of a DLP violation or to another person such as a compliance
officer, first create the DLP notification template. See
officer, first create the DLP notification template. See
.
Procedure
Step 1
Select Mail Policies > DLP Policy Customizations.
Step 2
In the Message Actions section, click Add Message Action.
Step 3
Enter a name for the message action.
Step 4
Enter a description of the message action.
Step 5
Choose whether to drop, deliver, or quarantine messages containing DLP violations.
Note
If you select Deliver, you can choose to have a copy of the message sent to a policy quarantine.
The copy of the message is a perfect clone, including the Message ID.
The copy of the message is a perfect clone, including the Message ID.
Step 6
If you want to encrypt the message upon delivery or its release from quarantine, select the Enable
Encryption check box and select the following options:
Encryption check box and select the following options:
•
Encryption Rule. Always encrypts the message or only encrypt it if an attempt to send it over a TLS
connection first fails.
connection first fails.
•
Encryption Profile. Encrypts the message using the specified encryption profile and delivers it if
you use a Cisco IronPort Encryption Appliance or a hosted key service.
you use a Cisco IronPort Encryption Appliance or a hosted key service.
•
Encrypted Message Subject. Subject for the encrypted message. Use the value is
$Subject
to keep
the existing message subject.
Step 7
If you select Quarantine as the action, choose the policy quarantine that you want to use for messages
containing DLP violations.
containing DLP violations.
Step 8
Click Advanced if you want to modify the message using any of the following options: