Zix Email Threat Protection

Version: Zix/AppRiver Email Threat Protection

Zix/AppRiver Email Threat Protection (Zix ETP) provides multi-layered filtering that permits legitimate email while keeping out malicious threats such as phishing, impersonation, malware, ransomware, and spam-type messages.

Netsurion Open XDR monitors events from Zix Email Threat Protection. Its reports, alerts, and dashboards help you analyze activity logs such as email traffic and links clicked by users. Reports provide a detailed summary of events during a specific time period, including critical information such as the time each event occurred, the user source IP, and the action Zix ETP took on the event.

Dashboards are a graphical representation of the events and give administrators an overview of key information, such as the total number or percentage of traffic events or link protection events. Most importantly, alerts, such as a suspicious link clicked by a user, are triggered in real time to notify administrators of such activity within their networks.

Once Zix Email Threat Protection is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards, and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integration components available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
| --- | --- | --- |
| Security | Zix ETP – A suspicious link or URL has been identified | This alert is triggered when a user clicks any link or URL which turns out to be a source of suspicious activity. |

Reports

| Type | Name | Description |
| --- | --- | --- |
| Security | Zix ETP – Threat Protection Activities | This report contains a detailed overview of email traffic events or threat protection events. This includes key information such as email direction, action the filter takes when triggered, source IP, sender, and recipient address. |
| Security | Zix ETP – Link Protection Activities | This report contains a detailed overview of link protection events or events related to suspicious links clicked by users. This includes key information such as the user source IP, the suspicious URL/IOC, the user agent used, and the event datetime. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x and later, and Zix Email Threat Protection.

Download the Integration Guide and How-to Guide for configuration instructions and more information.