Cisco Secure Email Cloud Mailbox Release Notes - ARCHIVE
Available Languages
Table of Contents
Cisco Secure Email Cloud Mailbox Release Notes Archive
Cisco Secure Email Cloud Mailbox Release Notes Archive
Introduction
This document includes archived release notes for July 12, 2021 through September 29, 2022. Current release notes for the product now named Cisco Secure Email Threat Defense are found here: https://www.cisco.com/c/en/us/td/docs/security/email-threat-defense/release-notes/secure-email-threat-defense-release-notes.html
Enhancements
■
New ability to filter by manually reclassified or automatically reclassified.
■An new icon indicates messages that were manually reclassified. Hover text shows who manually reclassified the message.
■The calendar control is redesigned.
■Retrospective verdict notification emails include the Microsoft Message ID.
Enhancements
■In addition to the main threat categories (BEC, Scam, Malicious, and Phishing), Cloud Mailbox now displays business risks and techniques used when available. These new conviction elements help provide a more comprehensive understanding of the traits and behaviors used to convict a message.
The Verdict Details column shows a visual representation of verdicts, the business risks, and the techniques used. Techniques are color coded to indicate their severity. Malicious file names/SHA256 and URLs are shown dynamically. Static descriptions are shown when dynamic text is not possible
■Super-admin and admin users can request EML downloads from the expanded message view. Downloads are available from the Downloads page until they are downloaded or for 7 days, whichever comes first.
■The retrospective verdict icon on the verdict label now has hover text that shows the time a retro verdict was applied and the difference between when the message was received and when the verdict was applied.
Enhancements
■Cloud Mailbox adds new Business Email Compromise (BEC) and Scam verdicts. BEC and Scam verdicts add more granular convictions to Cloud Mailbox. BEC and Scam messages are convicted as Phishing today. They will be convicted more precisely as BEC or Scam over time. BEC, Scam, Phishing, and Malicious are categorized as Threats throughout Cloud Mailbox.
Changes to Cloud Mailbox to reflect the new verdicts include:
–Home page Malicious and Phishing widget replaced by Threat Traffic widget.
–Trends page Malicious and Phishing graph replaced by Threats graph.
–Added ability to filter Messages page by Threats.
–Simplified Remediation Actions policy setting. You now set one automated remediation action for all Threat types (BEC, Scam, Phishing, and Malicious). We recommend you set this action to Move to Quarantine.
Note : If you previously had different automated remediation actions set for Malicious and Phishing, the new automatic remediation action for Threats will be the action that was used for Phishing.
■The Impact Report is redesigned:
–BEC, Scam, Phishing, and Malicious grouped as Threats.
–Spam and Graymail grouped as Unwanted Messages.
–Top Ten Targets of Malicious and Phishing Messages renamed Top Targets and includes BEC and Scam data.
–Protection by Cloud Mailbox now includes BEC and Scam information.
–Top Internal Threats renamed Potentially Compromised Accounts.
■A new Threats tile is available for the SecureX dashboard. This tile shows a snapshot of messages that were determined to be BEC, Scam, Phishing, or Malicious.
Note : You should remove the Malicious and Phishing tile and add the new Threats tile to your SecureX dashboard.
■On the Messages page, you can now filter by Manually Remediated. The filter was previously limited to Auto-Remediated only.
■Style changes throughout Cloud Mailbox, including:
–Retrospective verdict icon shown on the Verdict label.
–Manually Remediated icon shown on the Action label. Hover to display the user that did the remediation.
–Updated Message Rule icons and Direction icons.
–Attachment and URL icons moved in front of the Subject line.
Enhancements
■The same SecureX sign-on user can be added to multiple Cloud Mailbox instances. They can then toggle between accounts without needing to sign out and sign in again. The user can have different roles in different instances.
■Release notifications appear under the Notifications (bell icon) menu.
Enhancements
■The Notifications (bell icon) menu is new in this release.
–A red dot next to the bell icon indicates there are new notifications.
–Remediation error notifications appear under the bell. You can request a remediation error download file from the notification. Additional notification types will be added in future releases.
Enhancements
■Domains are now imported automatically. While you can still import your domains manually, they are now periodically imported to ensure the list is up-to-date.
■Cosmetic changes have been made to icons throughout.
■User’s names are now pulled from SecureX sign-on:
–When a first time user signs in, their names are populated in Cloud Mailbox from their SecureX sign-on information.
–If a user edits their name in their SecureX sign-on account, it will be updated in Cloud Mailbox the next time they sign in.
■Descriptions in the Impact Report are updated to better reflect the chart contents.
Enhancements
■You can now specify Sender IPv4 addresses and CIDR block ranges as Allow List, Verdict Override, and Phish Test message rule criteria.
■The remediation error log is new in this release. The Messages page does not show if move requests were successful for all mailboxes. The remediation error log allows you to download a CSV of remediation failures for individual mailboxes.
Enhancements
■The ability to quarantine messages is new in this release:
–Messages can be manually quarantined through the Reclassify/Remediate workflow.
–Move to Quarantine can be selected as an auto-remediation policy option.
–Super-admin and admin users can see the secret Quarantine Folder ID on the Administration > Business page.
Enhancements
■Bypass Analysis message rules are new in this release. These rules allow you to bypass analysis for Phish Tests and Security Mailbox messages. Attachments and links are not opened or scanned. Create and manage Bypass Analysis rules from the Settings > Message Rules page.
■We added Secure Email Gateway (SEG) configuration to the Policy page. The presence of a Secure Email Gateway (SEG) impacts how Cloud Mailbox identifies the Sender IP. By default nothing (No SEG) is selected. If you have a SEG in place, we recommend updating this configuration.
Enhancements
■Verdict Override message rules are new in this release. These rules allow you to override Spam and Graymail verdicts that match the criteria specified. Messages are marked as Neutral, are not remediated, and do not appear on reports. Create and manage Verdict Override rules from the Settings > Message Rules page.
Enhancements
■Allow List functionality is new in this release. Allow List rules allow you to prevent remediation of Spam and Graymail messages from specific sender email addresses or sender domains. Messages will still be analyzed but remediation will not be applied. Create and manage your Allow List rules from the Settings > Message Rules page.
■On the Policy page, a new Safe Sender check box allows Cloud Mailbox to honor Microsoft Safe Sender tags. If the box is checked, Microsoft Safe Sender messages with Spam or Graymail verdicts will not be auto-remediated. By default, this box is unchecked.
■The Message Rules column is added to the Messages page. If a message is allowed because of an allow list rule, a Microsoft Safe Sender tag, or Microsoft Allow list, it is indicated in the Message Rules column.
■We have changed the way Microsoft Allow lists are honored and displayed:
–Cloud Mailbox honors senders and domains added to your spam filter allow lists in Microsoft 365 for Spam and Graymail messages.
–Microsoft Allow lists are not honored for Malicious or Phishing verdicts.
–If a message was tagged with MSAllow, this is now shown on the Messages page under the Message Rules column. This was previously shown as an indicator icon.
■On the Administration page, we renamed SecureX Dashboard to SecureX to better represent what is being authorized.
■In the messages export.csv file, we renamed some fields to better reflect their contents:
Enhancements
■If SecureX is authorized in your Cloud Mailbox business, the SecureX Org ID and the name of the user who authorized SecureX are indicated on the Administration page.
Enhancements
■If your license is close to expiring, a banner message indicates how many days are left in your license.
■If your license has expired, a banner message indicates that your account is no longer protected from malicious messages.
■On the Impact Report page, the Top Ten Targets of Malicious and Phishing Messages chart shows the total malicious and phishing messages per recipient. You can pivot to the messages page to see all malicious and phishing messages for a specific recipient.
Enhancements
■Cloud Mailbox is integrated with SecureX dashboard and SecureX ribbon. For details, see Cisco Secure Email Cloud Mailbox User Guide: SecureX Integration.
■A Dusk theme is introduced. You can switch from Light to Dusk from the User Settings page.
Enhancements
■Two new user roles are added: admin and analyst.
Note : You cannot edit an existing user’s role. If you wish change a user’s role, delete the existing user, then create a new user with the same email address and the desired role.
■The Reclassify/Remediate workflow is updated for a better user experience.
■Delete functionality is now included in the Reclassify/Remediate workflow. Users with super-admin and admin roles can permanently delete messages from mailboxes. Users are warned that deleted messages cannot be recovered once they are deleted.
■The expanded message view is redesigned to allow better visibility of long lists of recipients, URLs, and attachments.
Enhancements
■If you are a trial customer, a banner indicates how many days are left in your trial or if your trial has expired.
Enhancements
■The Messages page columns are reorganized to highlight the Verdict and Last Action.
■The ability to select all is added to the Refine Search filter for:
Enhancements
■You can filter by attachments and links in the Refine Search filter.
■In the Timeline view, you can see which user manually reclassified or remediated a message.
■In the Impact Report you can:
–See a 1 year projection of the protection provided by Cloud Mailbox
–Filter the Traffic Volumes by Conviction graphs by direction
–See the number of messages in the Added Protection by Cloud Mailbox widget
■The message download report is updated:
–You can now download up to 10,000 messages
Enhancements
■To unify and simplify our broad portfolio, Cisco is renaming our security offerings under the Cisco Secure banner. As part of this effort, Cloud Mailbox Defense (CMD) has been renamed Cisco Secure Email Cloud Mailbox. You will notice the new branding throughout the product and documentation. For more information, visit cisco.com/go/secure-names.
■The Impact Report is introduced in this release and is available from Insights > Impact Report. The Impact Report shows the benefits Secure Email Threat Defense provided to your business over the last 30 days.
■The Insights page is renamed Trends and is now available at Insights > Trends.
■You can resize columns on the Messages page.
■The Settings (gear icon) > Policy page is redesigned for clarity and ease of use.
■You can now use the following methods to open a support case:
–Open an online support case: https://www.cisco.com/c/en/us/support/index.html
–Email TAC@cisco.com
–Call Cisco TAC at any of the worldwide phone numbers found here: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Note : Your Cloud Mailbox contract must be linked to your cisco.com account to order a case. If you do not already have a cisco.com account, go here to create one.
Usage Caveats
Microsoft Excel cell size limit
Microsoft Excel has a limit of 32,767 characters per cell. If you export your data to CSV and then open it in Excel, any excess data beyond the character limit is moved to the next row.
Cannot sign in to SecureX sign-on with Microsoft when Microsoft account does not have last name
Microsoft 365 does not require accounts to have a defined first name and last name. When trying to authenticate with a Microsoft account that does not have a last name, SecureX sign-on returns the following error:
400 Bad Request. Unable to create the user. Required properties are missing.
To workaround this issue, make sure both first name and last name are defined in the Microsoft 365 account.
Known Issues
Microsoft Allow lists and Safe Senders
Because of some recent changes to Microsoft’s MSAllowList flag, Microsoft allow lists are not always honored by Secure Email Threat Defense if your organization allows individual users to configure allow lists in their mailbox and a message happens to fall in a user’s allow list.
If you want Secure Email Threat Defense to honor these settings, select the Do not remediate Microsoft Safe Sender messages with Spam or Graymail verdicts check box on the Policy page. Safe Sender flags are respected for Spam and Graymail verdicts, but are not respected for Malicious and Phishing verdicts. That is, Safe Sender messages with Spam or Graymail verdicts will not be remediated.
Organization-BCC not populated in some instances
The Organization-BCC field for a message is populated when the BCC targets a mailbox in the user’s domain. On internal messages this is explicitly set in the message. On incoming messages this is inferred from message headers.
Some recipients are missing on mixed email
For mixed messages (mail with internal and external recipients), the UI does not display all recipients.
Conversation view
You may encounter the following issues when using Conversation view:
■The + symbols don’t disappear until you click them, even if there are no additional messages
■There is a limit of 9 horizontal nodes
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)