Cisco Secure Email Monitoring
Configure Cisco Secure Email monitoring Direct link to this section
Arctic Wolf® can monitor Cisco Secure Email logs and alert you about suspicious or malicious activity.
Step 1: Create a Cisco administrative user Direct link to this section
You can create a dedicated administrative user for the Arctic Wolf monitoring application or use an existing user. If you choose to use an existing user, proceed to Provide credentials to Arctic Wolf.
-
Sign in to the Cisco Secure Email portal.
The link is unique to your organization.
-
Select System Administration from the navigation menu.
-
Click Add User.
-
Complete the form:
- User Name — Enter a user name for the new user.
- Full Name — Enter the full name for the user.
- User Role — You can use the default Cloud Administrator role or create a custom administrator role.
- Passphrase — Click Generate to randomly generate a token or enter your own unique passphrase.
-
Click Submit.
Step 2: Provide credentials to Arctic Wolf Direct link to this section
-
Verify that you have an administrative user.
-
Sign in to the Arctic Wolf Portal.
-
Select Connected Accounts in the banner menu to open the Connected Accounts page.
-
Select +Add Account to open the Add Account form.
-
Select Cloud Detection and Response as the Account Type.
-
Select Cisco Secure Email from the list of cloud services, and fill in the form:
- Account Name — Enter a descriptive name for the credentials, such as Cisco Secure Email Integration.
- Port — If you have your own port, enter your own port number, otherwise enter the default
6443
. - Client Username — The user name of the administrative user you used in Create a Cisco administrative user.
- Client Password — The password of the administrative user you used in Create a Cisco administrative user.
- API Hostname — The base URL you use to log in to the Cisco Secure Email Portal. For example,
https://dhxxxx-smax.iphmx.com
. Be sure to exclude the trailing slash.
-
Select Submit to CST.
-
When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.
-
Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.
After your Concierge Security® Team provisions security monitoring for your account, the status of your credentials changes to Connected.