Email messages should only be transferred between legitimate mail servers. Content and attachments sent to or received from a malicious or suspicious host could be compromised. Abnormal volumes of outgoing email could indicate a system is compromised and is being used to generate spam or exfiltrate privileged information. This content pack helps you quickly view and analyze data collected from email devices in order to effectively monitor email traffic coming in and out of your organization's network, preventing data loss and data leakage.

Content Pack Components


Designed to give quick insight into email events.

  • Email Overview
  • GEO Overview
  • Inbound Overview
  • Outbound Overview


Provides a quick look into a week’s email events.

  • Email - Weekly Email Overview

Correlation Rules

Helps monitor for different email traffic patterns.

  • Email - Email Device Communicating with GTI Address
  • Email - Abnormal Email Traffic from GTI IP Address
  • Email - Abnormal Outbound Email Traffic

Required Products

  • McAfee Enterprise Security Manager (ESM) 11.x, 10.x
  • McAfee Advanced Correlation Engine (ACE) 11.x, 10.x
  • Some rules require McAfee Global Threat Intelligence (GTI) in order to function properly

Download Content Pack

Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.

Read Article


Find other content packs and partner integrations.

See All

Free Trial

Interested in McAfee Enterprise Security Manager?