Email messages should only be transferred between legitimate mail servers. Content and attachments sent to or received from a malicious or suspicious host could be compromised. Abnormal volumes of outgoing email could indicate a system is compromised and is being used to generate spam or exfiltrate privileged information. This content pack helps you quickly view and analyze data collected from email devices in order to effectively monitor email traffic coming in and out of your organization's network, preventing data loss and data leakage.
Content Pack Components
Views
Designed to give quick insight into email events.
- Email Overview
- GEO Overview
- Inbound Overview
- Outbound Overview
Reports
Provides a quick look into a week’s email events.
- Email - Weekly Email Overview
Correlation Rules
Helps monitor for different email traffic patterns.
- Email - Email Device Communicating with GTI Address
- Email - Abnormal Email Traffic from GTI IP Address
- Email - Abnormal Outbound Email Traffic
Required Products
- McAfee Enterprise Security Manager (ESM) 11.x, 10.x
- McAfee Advanced Correlation Engine (ACE) 11.x, 10.x
- Some rules require McAfee Global Threat Intelligence (GTI) in order to function properly
Download Content Pack
Registered ServicePortal users can log in to access the Knowledge Center for further documentation or to download the content pack file manually.
Read Article