Cisco Email Security (Ironport)

Cisco Email Security is your defense against phishing, business email compromise, and ransomware. CYDERES utilizes this information to track and monitor email for malicious entry points.

Chronicle Data Types

  • Alert

Configuration

  1. In the Cisco Ironport ESA console, navigate to System Administration -> Log Subscriptions.
  2. Select the log name that you want to send to your Chronicle workspace, for example antivirus_logs.
  3. Provide the necessary information about your CYCLOPS forwarder (Virtual IP address and port).
  4. Repeat for any additional log files you want to send to Chronicle.

IMPORTANT: Cisco Ironport ESA outputs logs by default to port 514. Your CYDERES onboarding team will provide you with a higher port number to send those logs to. Please contact us with any questions you may have.

For a detailed list and explanation of the available log types please see the following documentation