Skip to main content
Skip table of contents

Cisco Secure Email Events

Vendor Documentation

https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_0100111.html
https://docs.ces.cisco.com/docs/single-log-line-sll

Classification

Rule NameRule TypeClassificationCommon Event
Cisco Secure Email EventsBase RuleInformationGeneral AlertEmail
Cisco Secure Email DeliveredSub RuleInformation Email Delivered
Cisco Secure Email DroppedSub RuleInformationMessage Dropped
Cisco Secure Email BouncedSub RuleWarningEmail Message Bounced
Cisco Secure Email QuarantinedSub RuleFailed ActivityQuarantined Message

Mapping with LogRhythm Schema

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
N/AN/AN/ACEF format version
N/AN/AN/AAppliance vendor
N/A<vendorinfo>StringAppliance product
N/A<version>Text/StringAppliance version
N/A<vmid>StringEvent Class ID
N/AN/AN/AEvent Name
N/A<severity>NumberSeverity
deviceExternalId<serialnumber>Text/StringSerial Number
ESAMIDN/AN/AN/A
ESAICIDN/AN/AICID
ESAAMPVerdictN/AN/AAMP Verdict
ESAASVerdictN/AN/AAS Verdict
ESAAVVerdictN/AN/AAV Verdict
ESACFVerdictN/AN/AContent Filters Verdict
endTimeN/AN/ADCID Timestamp
ESADLPVerdictN/AN/ADLP Verdict
dvcN/AN/AData IP
ESAFriendlyFromN/AN/AFriendly From
ESAGMVerdictN/AN/AGraymail Verdict
startTimeN/AN/AICID Timestamp
deviceInboundInterfaceN/AN/AListener Name
deviceDirectionN/AN/AMail Direction
ESAMailFlowPolicy<policy>StringMail Flow Policy Name
suser<sname>Text/StringMail From
cs1LabelN/AN/AMessage ID
cs1N/AN/AMail Policy Name
cs2LabelN/AN/AN/A
cs2N/AN/AMail Sender Geo Location
ESAMFVerdictN/AN/AN/A
act<action>
<tag1>		StringMessage Final Action
cs4LabelN/AN/AN/A
cs4N/AN/AMessage ID
ESAOFVerdictN/AN/AOutbreak Filters Verdict
duser<dname>StringRecipients
ESAHeloDomain<domainimpacted>StringRemote Host/ Helo Domain
ESAHeloIP<dip>IP AddressRemote IP/Helo Domain IP
ESAReplyTo<sender>StringReply-To
cfp1LabelN/AN/ASBRS Score
cfp1N/AN/AN/A
ESASDRDomainAgeN/AN/ASDR Consolidated Domain Age
cs3Label<threatname>Text/StringSDR Consolidated Threat Category
cs3N/AN/AN/A
cs6LabelN/AN/ASDR Reputation Score
cs6N/AN/AN/A
ESASPFVerdictN/AN/ASPF Verdict
sourceHostName<domainorigin>StringSender Domain
ESASenderGroup<group>StringN/A
sourceAddress<sip>IP AddressSender IP
msg<subject>StringSubject
ESATLSInCipherN/AN/ATLS Incoming Cipher
ESATLSInConnStatus<result>Text/StringTLS Incoming Connection Status
ESATLSInProtocolN/AN/ATLS Incoming Protocol
ESATLSOutCipherN/AN/ATLS Outgoing Cipher
ESATLSOutConnStatus<status>Text/StringTLS Outgoing Connection Status
ESATLSOutProtocol<protname>StringTLS Outgoing Protocol
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close