Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1405
Views
5
Helpful
1
Replies

SMA Custom Report for Manually Released emails from Quarantines

amelo@
Level 1
Level 1

‎12-04-2019 07:39 AM

Is there a way to generate a report of emails that have been manually released from the Policy, Virus and Outbreak Quarantines in the SMA?

 

Thanks,

Labels:
0 Helpful
1 Reply 1

marc.luescherFRE
Spotlight
Spotlight

‎12-04-2019 08:22 AM - edited ‎12-04-2019 08:41 AM

Hi there,

 

sorry there is no report available at the SMA to report on this activity, even I also think this could be helpfull.

I am currently checking if such information could be made available when uploading raw data of the ESA/SMA to a SIEM.

 

Update :

Searching for "ISQ Released Message" or "released from quarantine" & "manual" in mail_logs would allow you to count and identify such messages in a SIEM. The SMA re-inserts such messages back to the ESA so you would need to search the ESA logs for such messages.

 

A document describing the release messages can be found here:

https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118286-technote-csa-00.html

 

 

I hope this helps

 

-Marc

Customers Also Viewed These Support Documents