Cisco Secure Email Monitoring

Configuration Guide

Updated Mar 23, 2023

Cisco Secure Email Monitoring

Configure Cisco Secure Email monitoring Direct link to this section

Arctic Wolf® can monitor Cisco Secure Email logs and alert you about suspicious or malicious activity.

  1. Create a Cisco administrative user.
  2. Provide credentials to Arctic Wolf.

Step 1: Create a Cisco administrative user Direct link to this section

You can create a dedicated administrative user for the Arctic Wolf monitoring application or use an existing user. If you choose to use an existing user, proceed to Provide credentials to Arctic Wolf.

  1. Sign in to the Cisco Secure Email portal.

    The link is unique to your organization.

  2. Select System Administration from the navigation menu.

  3. Click Add User.

  4. Complete the form:

    • User Name — Enter a user name for the new user.
    • Full Name — Enter the full name for the user.
    • User Role — You can use the default Cloud Administrator role or create a custom administrator role.
    • Passphrase — Click Generate to randomly generate a token or enter your own unique passphrase.

  5. Click Submit.

Step 2: Provide credentials to Arctic Wolf Direct link to this section

  1. Verify that you have an administrative user.

  2. Sign in to the Arctic Wolf Portal.

  3. Select Connected Accounts in the banner menu to open the Connected Accounts page.

    Connected Accounts menu

  4. Select +Add Account to open the Add Account form.

  5. Select Cloud Detection and Response as the Account Type.

  6. Select Cisco Secure Email from the list of cloud services, and fill in the form:

    • Account Name — Enter a descriptive name for the credentials, such as Cisco Secure Email Integration.
    • Port — If you have your own port, enter your own port number, otherwise enter the default 6443.
    • Client Username — The user name of the administrative user you used in Create a Cisco administrative user.
    • Client Password — The password of the administrative user you used in Create a Cisco administrative user.
    • API Hostname — The base URL you use to log in to the Cisco Secure Email Portal. For example, https://dhxxxx-smax.iphmx.com. Be sure to exclude the trailing slash.

  7. Select Submit to CST.

  8. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

  9. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team provisions security monitoring for your account, the status of your credentials changes to Connected.