Performing Remedial Actions on Messages in Cisco SecureX Threat Response

Before you begin

In Cisco Threat Response, you can now investigate and apply the following remedial actions on messages processed by your email gateway:

  • Delete

  • Forward

  • Forward and Delete

Make sure you have met the following prerequisites before you perform remedial actions on messages in Cisco Threat Response:

  • Enabled and registered your email gateway with the Cisco SecureX server. For more information, see Enable the Cisco SecureX or Cisco Threat Response Integration on your Cisco Content Security Appliance and Registering Cisco SecureX or Cisco Threat Response on Cisco Content Security Appliance.

  • Added your email gateway module to Cisco SecureX and specified the Remediation Forwarding Address in Cisco SecureX. For more information, go to https://securex.us.security.cisco.com/settings/modules/available, navigate to the required Email Security Appliance module to integrate with Cisco SecureX, click Add New Module, and see the instructions on the page.

  • Enabled and configured the remediation profiles in the System Administration > Account Settings page in your email gateway. For more information, see the Remediating Messages in Mailboxes chapter.

Procedure


Step 1

Log in to Cisco SecureX with your user credentials.

Step 2

Perform an investigation for threat analysis: enter the required IOCs (for example, URLs, Email Message ID, and so on) in the Investigate panel and click Investigate. For more information, see the Investigate topic in the Help section at https://visibility.amp.cisco.com/help/investigate.

Step 3

Click the pivot menu button next to the Cisco Message ID or Email Message ID and select the required remedial action (for example, ‘Forward’). For more information, see the Investigate topic in the Help section at https://visibility.amp.cisco.com/help/investigate.