FireEye EX Analysis Modes:
1) Block Analysis Mode:
--> Receives the email from the MTA/anti-spam device for email analysis.
--> After analysis by the analysis engine, non-malicious emails are forwarded to the destination.
--> Malicious emails are held in the quarantine of the FireEye EX appliance.
--> This is the default mode of the FireEye EX appliance.
2) Drop Analysis Mode:
--> Extracts the email from the MTA/anti-spam device for email analysis.
--> After analysis by the analysis engine, non-malicious emails are discarded (not forwarded).
--> Malicious emails are held in the quarantine of the FireEye EX appliance.
3) Monitor Analysis Mode:
--> Receives the email from the MTA/anti-spam device for email analysis.
--> After analysis by the analysis engine, non-malicious emails are forwarded.
--> Malicious emails are also forwarded; nothing is blocked in this mode.
4) TAP/SPAN Analysis Mode:
--> Requires a SPAN session to be configured on the switch to which the EX appliance is connected.
--> The FireEye EX appliance extracts the emails from the SPAN traffic.
--> After analysis by the analysis engine, non-malicious emails are discarded.
--> Malicious emails are held in the quarantine of the FireEye EX appliance.
Bounced Emails:
--> Bounced emails are emails without a reachable destination (this mostly happens when no mailbox is configured in Exchange for the recipient address).
--> Bounced emails can also occur when there is a network issue between the FireEye and the destination (usually the Exchange server).
--> We can use the Soft Bounce feature of the FireEye appliance to retain emails that cannot be forwarded to their destination.
--> Emails that cannot be forwarded to their destination are placed in the deferred queue.
--> By default, the Soft Bounce feature is enabled, so emails that cannot be sent from the FireEye to the destination are not lost.
--> If the Soft Bounce feature is not enabled, all bounced emails are dropped by the FireEye EX.
--> By default, the FireEye EX retries sending a deferred email to the destination every 300 seconds.
--> We can check whether the Soft Bounce feature is enabled with the following command:
# show email-analysis mta-config
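The following simulation is an added example (it is not FireEye code and does not reflect the appliance's internals) that models the soft-bounce behaviour described above: a message that cannot be forwarded is parked in a deferred queue and retried every 300 seconds while Soft Bounce is enabled, and is dropped on the first failure when it is disabled. The class and function names, the delivery stub and the sample recipients are all assumptions made for the illustration.

```python
"""Soft-bounce / deferred-queue simulation (added example, not FireEye code)."""
from dataclasses import dataclass, field

RETRY_INTERVAL = 300  # seconds between retries, matching the default in the notes


@dataclass
class Email:
    msg_id: str
    recipient: str
    attempts: int = 0


@dataclass
class MtaForwarder:
    """Hypothetical forwarder standing in for the EX -> Exchange delivery path."""
    soft_bounce: bool = True
    # Constructed state: recipients with a mailbox; anything else bounces.
    known_mailboxes: set = field(default_factory=set)
    network_up: bool = True
    deferred: dict = field(default_factory=dict)   # msg_id -> (Email, next_attempt)
    delivered: list = field(default_factory=list)
    dropped: list = field(default_factory=list)

    def _try_deliver(self, email):
        """Delivery stub: fails on a network outage or an unknown mailbox."""
        email.attempts += 1
        return self.network_up and email.recipient in self.known_mailboxes

    def forward(self, email, now):
        if self._try_deliver(email):
            self.delivered.append(email.msg_id)
        elif self.soft_bounce:
            # Soft Bounce enabled: keep the message and schedule a retry.
            self.deferred[email.msg_id] = (email, now + RETRY_INTERVAL)
        else:
            # Soft Bounce disabled: the bounced message is dropped.
            self.dropped.append(email.msg_id)

    def run_retries(self, now):
        """Retry every deferred message whose retry time has arrived."""
        for msg_id, (email, next_attempt) in list(self.deferred.items()):
            if now < next_attempt:
                continue
            del self.deferred[msg_id]
            self.forward(email, now)


def demo():
    """Constructed scenario: one outage-related bounce, one missing-mailbox bounce."""
    fwd = MtaForwarder(known_mailboxes={"alice@example.com"}, network_up=False)
    fwd.forward(Email("m1", "alice@example.com"), now=0)   # network down -> deferred
    fwd.forward(Email("m2", "nobody@example.com"), now=0)  # no mailbox   -> deferred
    fwd.run_retries(now=100)    # before the 300 s interval: nothing is retried
    fwd.network_up = True
    fwd.run_retries(now=300)    # m1 now delivers; m2 still bounces and is re-deferred
    return fwd


if __name__ == "__main__":
    f = demo()
    print("delivered:", f.delivered)
    print("still deferred:", {k: v[1] for k, v in f.deferred.items()})
```

The point worth noticing for operations is the second message: a recipient that simply does not exist will keep cycling through the deferred queue at every retry interval, so a growing deferred queue is a signal to check the Exchange recipient configuration rather than only the network path.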
URL Dynamic Analysis:
--> The URL Dynamic Analysis feature of FireEye EX scans the URLs present in the email message body and in attachments.
--> These URLs are compared against a set of rules and analyzed to determine whether each URL is suspicious.
--> If any URL, or the content behind a URL, is found suspicious by the FireEye EX, the email is blocked from being delivered to the user.
--> By default, URL Dynamic Analysis is disabled on the FireEye EX appliance.
--> With URL Dynamic Analysis enabled, the FireEye EX appliance can also scan shortened URLs present in the email.
--> Specific URLs can be excluded from scanning by adding them to the whitelist.
--> Either the Ether1 or the Ether2 interface can be used for URL Dynamic Analysis.
--> If the Ether2 interface is used for URL Dynamic Analysis, then by default it is not allowed to reach the private network, nor the network in which the Ether2 interface itself is configured.
--> show analysis live-config --> Shows the URL Dynamic Analysis configuration.
--> analysis live check-connection --> Tests Internet connectivity for URL Dynamic Analysis.
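As an added example (not FireEye code, and not a description of how the appliance implements the feature), the script below shows the collection step that any URL analysis of an email has to start with: walking the message body and text attachments, extracting candidate URLs, dropping those on whitelisted hosts, and tagging the ones served by a known URL shortener for follow-up. It stays offline and fetches nothing. The sample message, the whitelist, the shortener list and every function name are constructed for the illustration; binary attachments such as PDFs would need a format-specific text extractor, which is out of scope here.

```python
"""Collect URLs from an email for analysis (added example, not FireEye code)."""
import re
from email.message import EmailMessage
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

# Constructed whitelist: URLs on these hosts (and their subdomains) are not scanned.
WHITELIST = {"example.com"}
# Constructed sample of shortener hosts whose links hide the real destination.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def host_whitelisted(url, whitelist=WHITELIST):
    """Exact host match or subdomain match; 'example.com.evil.test' must not match."""
    host = _host(url)
    return any(host == w or host.endswith("." + w) for w in whitelist)


def is_short_url(url, shorteners=SHORTENERS):
    return _host(url) in shorteners


def extract_urls(msg):
    """Return unique URLs found in text/* parts and text-decodable attachments."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        if not (part.get_content_maintype() == "text" or part.get_filename()):
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;")  # strip sentence punctuation glued to the URL
            if url not in found:
                found.append(url)
    return found


def triage(msg):
    """Split extracted URLs into whitelisted (excluded), to-scan, and shortened."""
    urls = extract_urls(msg)
    excluded = [u for u in urls if host_whitelisted(u)]
    scan = [u for u in urls if not host_whitelisted(u)]
    short = [u for u in scan if is_short_url(u)]
    return {"excluded": excluded, "scan": scan, "short": short}


def build_sample_message():
    """Constructed test message: plain body, HTML alternative, and a text attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please review https://example.com/portal and https://bit.ly/3abc123.")
    msg.add_alternative('<p>See <a href="http://login.example.net/verify">here</a></p>',
                        subtype="html")
    msg.add_attachment(b"notes: http://files.example.org/doc.pdf\n",
                       maintype="text", subtype="plain", filename="notes.txt")
    return msg


if __name__ == "__main__":
    for bucket, urls in triage(build_sample_message()).items():
        print(f"{bucket}: {urls}")
```

Two details matter for a defender using this pattern: whitelist matching is done on the parsed hostname (so a lookalike such as `example.com.evil.test` is not excluded by a suffix match), and shortened links are kept in the scan set rather than trusted, since the shortener host says nothing about where the link actually lands.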