elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

Cisco Secure Email Cloud Gateway #3325

Open jamiehynds opened 2 years ago

jamiehynds commented 2 years ago

Description

The Cisco Secure Email Cloud Gateway is a cloud-based email security gateway solution. It is designed to detect and block a wide variety of email-borne threats, such as malware, spam, and phishing attempts. Because so many of today's attacks occur through email messages, having an email security gateway has become a necessity for most organizations.

Please note, we have an existing integration with Cisco Secure Email Appliance (docs here). This issue focuses on the cloud version of the appliance.

Architecture

The Logging API exposes events from the Email Gateway. Relevant docs here.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency when creating or updating a Package, Module or Dataset for an Integration.

All changes

New Package

Dashboards changes

Log dataset changes

elasticmachine commented 2 years ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

LaZyDK commented 1 year ago

This Integration might not be needed if the existing Cloud Email Gateway is updated with AWS S3 retrieval for the Consolidated Event Log. https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance-c190/217095-configure-consolidated-event-logs-for-aw.html

jamiehynds commented 1 year ago

Thanks @LaZyDK - Cisco are actually currently testing our integration on their end to determine if the current integration will work with the Cloud Gateway as-is, or what enhancements are required in order to support both. Great suggestion to add S3 support though, should be straightforward on our side.

LaZyDK commented 1 year ago

Any updates to this? :)