Configure the following event notification to notify administrators when an email has been detected violating content security policy.

Procedure

  1. Go to DetectionsNotificationsEvent Notifications.
    The Event Notifications screen appears.
  2. Click Content Violation Policy.
    A list of events appears.
  3. In the Event column, click Email policy violation.
    The Email Policy Violation screen appears.
  4. Select recipients for the notification.
    1. From the Available Users and Groups list, select contact groups or user accounts.
    2. Click >.
      The selected contact groups or user accounts appear in the Selected Users and Groups list.
  5. Enable one or more of the following notification methods.
    Method
    Description
    Email message
    To customize the email notification template, use supported token variables or modify the text in the Subject and Message fields.
    For more information, see Standard Token Variables and Content Policy Violation Token Variables.
    Windows event log
    To customize the notification template, use supported token variables or modify the text in the Message field.
    For more information, see Standard Token Variables and Content Policy Violation Token Variables.
    SNMP trap
    Apex Central stores SNMP trap notifications in a Management Information Base (MIB). To view the SNMP trap notifications, go to NotificationsNotification Method Settings and click Download MIB file under SNMP Trap Settings.
    Trigger application
    Specify the full path of the application file and any parameters for the command.
    Syslog
    A standard for forwarding log messages in an IP network
    Apex Central can direct syslogs to supported third-party products, including Cisco Security Monitoring, Analysis and Response (MARS).
  6. To test if recipients can receive the event notification, click Test.
  7. Click Save.