Performing Remedial Actions on Messages in Cisco XDR
Before you begin
In Cisco XDR, you can now investigate and apply the following remedial actions on messages processed by your Secure Email and Web Manager:
- Delete
- Forward
- Forward and Delete
Make sure you have met the following prerequisites before you perform remedial actions on messages in Cisco XDR:
- Enabled and registered your Secure Email and Web Manager with the Cisco XDR server. For more information, see Enable the Cisco Cloud Services Portal on your Secure Email and Web Manager and Register Secure Email and Web Manager with Cisco Cloud Services Portal.
- Added your Secure Email and Web Manager module to Cisco XDR and specified the Remediation Forwarding Address in Cisco XDR. For more information, go to https://xdr.us.security.cisco.com/administration/integrations, navigate to the required Secure Email and Web Manager module to integrate with Cisco XDR, click Get Started, and see the instructions on the page.
- Enabled and configured the remediation profiles in the System Administration > Account Settings page in your email gateway. For more information, see the Remediating Messages in Mailboxes chapter of the Cisco Secure Email Gateway User Guide.
Procedure
Step 1: Log in to Cisco XDR with your user credentials.
Step 2: To perform an investigation for threat analysis, enter the required IOCs (for example, URLs, email message IDs, and so on) in the Investigate panel and click Investigate. For more information, see the Investigate topic in the Help section at https://docs.xdr.security.cisco.com/Content/Investigate/investigate.htm.
Step 3: Click the pivot menu button next to an observable to respond to the threat and perform tasks such as investigating, creating a judgment for the observable, initiating automation workflows, or pivoting to integrated products to perform additional actions. For more information, see the Pivot Menu topic in the Help section at https://docs.xdr.security.cisco.com/Content/pivot-menu.htm.