AsyncOS 14.3 (Cloud-only)


Release Notes

Please read and review the entire Release Notes for AsyncOS 14.3 for Cisco Secure Email Cloud Gateway.


What is Cloud-only? This release of AsyncOS is pushed for all Cisco Secure Email Cloud Gateway customers (formerly Cisco Cloud Email Security [CES]).

What’s New In This Release

Integrating Secure Email Cloud Gateway with Threat Defense

The Threat Defense Connector client connects the Secure Email Cloud Gateway with Secure Email Threat Defense to scan messages for Advanced Phishing and Spoofing.

When you configure the Threat Defense Connector, the Secure Email Cloud Gateway sends a copy of the actual message as an attachment to the Threat Defense portal’s message intake address. The message gets delivered to the user inbox, and advanced scanning completes in the Threat Defense portal.

You can enable the Threat Defense Connector in any of the following ways:

  • From the Security Services > Threat Defense Connector page of the web interface.
  • Using the threatdefenseconfig command in the CLI.

For more information, see the “Integrating Secure Email Cloud Gateway with Threat Defense” chapter in the user guide or the CLI Reference Guide associated with this release.

No Support for Cisco Secure Email Phishing Defense

As of December 14, 2022, the Cisco Secure Email Phishing Defense (formerly known as Cisco Advanced Phishing Protection) feature is no longer supported from Secure Email Cloud Gateway 14.3 onwards. Contact Cisco Technical Assistance for further assistance.

Note: The above statement does not apply to existing users who have a valid license and are actively using the Cisco Secure Email Phishing Defense feature.

Custom User Role for AMP Configurations

The administrator can define a custom user role that provides access to AMP Configuration, AMP Reports, File Analysis Quarantine, and Message Tracking. The administrator can then assign this custom user role to the delegated administrator.

The administrator can define the custom user role for AMP configurations in the following ways:

  • Navigate to System Administrator > User Role > Add User Role and select No access or Full access for the AMP Configurations field in the web interface.
  • Use the userconfig > ROLE subcommand in the CLI and provide appropriate input for the AMP Configurations statement.

For more information, see the “Distributing Administrative Tasks” chapter in the user guide or the CLI Reference Guide associated with this release.

Consolidated Event Logs Enhancement

In the Consolidated Event Logs, two new fields are added, which can be used to include additional data when integrating your email gateway with the Security Information and Event Management (SIEM) application:

  • Custom Log Entries
  • Custom Log Headers

You can use the two fields to add a custom header, custom log entry, or both in Consolidated Event Logs.

Note: You can add only 25 custom log headers in Consolidated Event Logs.

You can configure the two fields in your email gateway in the following ways:

  • Custom Log Entry field – Use the Add CEF Log Entry content filter action (for incoming or outgoing content filters, whichever is applicable) in the web interface, or enter the Add CEF Log Entry content filter action under the policyconfig > incoming mail policies or outgoing mail policies > filters > new > add > Action subcommand in the CLI.

Note: The corresponding Message Filter action used is cef-log-entry.

  • Custom Log Header field – Use the CEF Headers option in the Log Subscriptions > Global Settings page in the web interface or the logconfig > ceflogheaders subcommand in the CLI.

The CEF log entry appears in Consolidated Event Logs when you configure the 'Consolidated Event Logs' log subscription with "Custom Log Entries" or "Custom Log Headers" (whichever is applicable) present in "Selected Log Fields."

For more information, see the "Content Filters" and "Logging" chapters in the user guide or the CLI Reference Guide associated with this release.

Using only User-defined Passphrases to open Password-protected Attachments

From this release onwards, you can choose to use only the user-defined passphrases created in your email gateway to open password-protected attachments in incoming and outgoing messages.

You can configure this feature in any one of the following ways:

  • Use the Apply User-defined Passwords Only checkbox in the Security Services > Scan Behavior > Edit Global Settings page of the web interface.
  • Use the “Do you want to apply user-defined passwords only? y/n” statement under scanconfig > protectedattachmentconfig subcommand in the CLI.

For more information, see the:

  • “Configuring Scan Behavior” section in the “Using Message Filters to Enforce Email Policies” chapter of the user guide associated with this release.
  • “Example - Using Only User-defined Passphrases to Open Password-protected Attachments” section in the “The Commands: Reference Examples” chapter of the CLI Reference Guide associated with this release.

Changes in Behavior

Message Tracking - Remediation Action Changes

[Before this Release]: In the Message Tracking > Remediate > Confirm Remediation Action dialog box, you could enter any special characters in addition to 'a-z', 'A-Z', and '0-9' characters for the 'Remediation Batch Name' and 'Description' fields.

[From this Release onwards]: In the Message Tracking > Remediate > Confirm Remediation Action dialog box, you can only enter 'a-z', 'A-Z', '0-9', '_', '-' characters, and spaces for the 'Remediation Batch Name' and 'Description' fields.

Changes to Default Log Level Selected for Audit Logs

[Before this Release]: When you created an 'Audit log' log subscription using the web interface or the CLI, the 'Information' option was selected as the default log level.

[From this Release onwards]: When you create an 'Audit log' log subscription using the web interface or the CLI, the 'Debug' option is selected as the default log level. You can change the log level option if required.

Content Scanner - Maximum File Size Scan Limit Changes

[Before this Release]: The Content Scanner in your email gateway would scan the text contents of the message attachment, even if the size of the extracted text from the attachment exceeded the configured maximum file size scan limit.

[From this Release onwards]: The Content Scanner only scans the extracted text contents of the message attachment based on the configured maximum file size scan limit. The remaining text contents that exceed the configured maximum file size scan limit are truncated.

For example, suppose you configure the maximum file size limit as 5 MB, and the text contents extracted from the message attachment are more than 5 MB (for example, 8 MB). The Content Scanner scans only 5 MB of the text contents and truncates the remaining 3 MB.
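The following added example (not Cisco code and not part of the original release notes) models the 5 MB / 8 MB case above, so that you can see how much extracted text content-matching rules receive before and after this change, including a term that straddles the cut point. The rule name, the sample text, the 2^20-byte megabyte, and the assumption that the leading bytes are the ones kept are all constructed for illustration.

```python
import re
from dataclasses import dataclass

MB = 1024 * 1024  # assumption: the release notes do not say 10**6 or 2**20


@dataclass
class ScanResult:
    scanned_bytes: int    # text handed to the pattern matcher
    truncated_bytes: int  # text dropped before matching
    hits: list            # (rule name, byte offset) pairs, in offset order


def scan_extracted_text(text, rules, limit, enforce_limit=True):
    """Match rules against the text extracted from an attachment.

    enforce_limit=True models the 14.3 behaviour (text past `limit` is
    truncated); False models the earlier behaviour (all text is scanned).
    Keeping the leading bytes is an assumption of this model.
    """
    window = text[:limit] if enforce_limit else text
    hits = sorted(
        (m.start(), name)
        for name, pattern in rules.items()
        for m in re.finditer(pattern, window)
    )
    return ScanResult(len(window), len(text) - len(window),
                      [(name, off) for off, name in hits])


def build_sample(size, terms):
    """Constructed extracted text: filler with terms placed at given offsets."""
    buf = bytearray(b"x" * size)
    for offset, term in terms.items():
        buf[offset:offset + len(term)] = term
    return bytes(buf)


# Constructed input: 8 MB of extracted text, 5 MB limit (the page's figures).
LIMIT = 5 * MB
SAMPLE = build_sample(8 * MB, {
    1 * MB: b"CONFIDENTIAL",     # well inside the limit
    LIMIT - 4: b"CONFIDENTIAL",  # straddles the cut point
    6 * MB: b"CONFIDENTIAL",     # inside the truncated 3 MB
})
RULES = {"dlp-marker": rb"CONFIDENTIAL"}  # hypothetical rule name

before = scan_extracted_text(SAMPLE, RULES, LIMIT, enforce_limit=False)
after = scan_extracted_text(SAMPLE, RULES, LIMIT)
```

Comparing `before.hits` with `after.hits` shows which rule matches depend on text beyond the limit, which is the figure to review when choosing the maximum file size scan limit.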