Cisco Email and Web Security

Version: Cisco Secure Email and Web Manager v13.0 and later, Cisco Secure Email v13.0 and later, Cisco Secure Web Appliance v13.0 and later (for Cloud and On-Premises)

Cisco Email and Web Security (formerly known as Cisco Security Appliance) centralizes management and reporting functions across multiple Cisco email and web security appliances. Its email security gateway product (Cisco Secure Email Gateway) is designed to detect and block many email-borne threats, such as malware, spam, and phishing attempts. Cisco Secure Web Appliance protects your organization by automatically blocking risky sites and testing unknown sites before allowing users to click on them.

Netsurion Open XDR integrates with Cisco Email and Web Security, collects logs from Cisco Secure Email Gateway and Cisco Secure Web Appliance, and creates detailed reports, alerts, dashboards, and saved searches. These features let users view critical information on a single platform.

The Secure Email reports give a detailed overview of activities such as the incoming message summary, the DLP (Data Loss Prevention) and AMP (Advanced Malware Protection) event summary, the malicious or suspicious URLs summary, and more. The Secure Web Appliance reports summarize the allowed and blocked traffic events monitored by the Proxy, Layer 4, and SOCKS Proxy services.

Netsurion Data Source Integration for Cisco Email and Web Security allows you to monitor the following components: 

  • Security – Malicious/suspicious DLP and AMP detection, rejected connections, messages blocked due to content filters, blocked proxy traffic.
  • Operations – Web traffic events.

After Cisco Email and Web Security is configured to deliver events to the Netsurion Open XDR Manager, the dashboards and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integration reports available in Netsurion Open XDR.


| Type | Name | Description |
|---|---|---|
| Security | Cisco SE – AMP and DLP Messages | This report provides a summary of the Advanced Malware Protection (AMP) and Data Loss Prevention (DLP) messages detected in Cisco Secure Email. It includes details such as event log time, email direction, sender/recipient address, and more. |
| Security | Cisco SWA – Traffic Report | This report generates a summary of all the traffic monitored by the proxy services, SOCKS proxy, and layer 4. It includes source IP address, destination IP address, URL, policy type, application name, web category, threat reason, malware name, and more. |
| Operations | Cisco SE – Emails Report | This report generates a summary of all the inbound and outbound emails that are successfully delivered. It includes email direction, sender/recipient address, SBRS (SenderBase Reputation Score), and more. |


The configuration details are consistent with Netsurion Open XDR 9.3 and later, and with Cisco Email and Web Security (Cisco Secure Email, Cisco Secure Web Appliance, Cisco Secure Email and Web Manager).

Download the Integration Guide, How-to Guide, and Cisco Email and Web Security Integrator for configuration instructions and more information.