Cisco SecureX is a security platform embedded with every Cisco security product. It is cloud-native with no new technology to deploy. Cisco SecureX simplifies the demands of threat protection by providing a platform that unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications. By connecting technology in an integrated platform, Cisco SecureX delivers measurable insights, desirable outcomes, and unparalleled cross-team collaboration. Cisco SecureX enables you to expand your capabilities by connecting your security infrastructure.

Integrating the Email Gateway with Cisco SecureX Threat Response contains the following sections:

• How to Integrate your Email Gateway with Cisco SecureX Threat Response

• Performing Threat Analysis using Cisco SecureX Ribbon

You can integrate your email gateway with Cisco SecureX Threat Response, and perform the following actions in Cisco SecureX Threat Response:

• View and send the email data from multiple email gateways in your organization.

• Identify, investigate and remediate threats observed in the email reports, sender and target relationships, search for multiple email addresses and subject lines and message tracking.

• Block compromised users or users violating outgoing email policies.

• Resolve the identified threats rapidly and provide recommended actions to take against the identified threats.

• Document the threats to save the investigation and enable collaboration of information among other devices.

• Block malicious domains, track suspicious observances, initiate an approval workflow or to create an IT ticket to update email policy.

You can access Cisco SecureX Threat Response using the following URL:

https://securex.us.security.cisco.com/login

Cisco Secure Email Gateway provides advanced threat protection capabilities to detect, block, and remediate threats faster, prevent data loss, and secure important information in transit with end-to-end encryption. For more information on observables that can be enriched by the ESA module, go to https://securex.us.security.cisco.com/settings/modules/available, navigate to the module to integrate with Cisco SecureX and click Learn More.

Note	When you upgrade from Cisco Secure Email Gateway 13.5.1 or earlier versions, Casebook will be part of the Cisco SecureX Ribbon.

Cisco SecureX supports a distributed set of capabilities that unify visibility, enable automation, accelerate incident response workflows, and improve threat hunting. These distributed capabilities are presented in the form of applications (apps) and tools in the Cisco SecureX Ribbon.

This topic contains the following sections:

• Accessing the Cisco SecureX Ribbon

• Adding Observable to Casebook for Threat Analysis using Cisco SecureX Ribbon and Pivot Menu

You will find the Cisco SecureX Ribbon at the bottom pane of the page, and it persists as you move between the dashboard and other security products in your environment. Cisco SecureX Ribbon consists of the following icons and elements:

• Expand/Collapse Ribbon

• Home

• Casebook App

• Incidents App

• Orbital App

• Enrichment Search Box

• Find Observables

• Settings

For more information on Cisco SecureX Ribbon, see https://securex.us.security.cisco.com/help/ribbon.

Overview

You can use the Cisco Success Network (CSN) feature to send your email gateway and feature usage details to Cisco. These details are used by Cisco to identify the email gateway version and the features activated but not enabled on your email gateway.

The ability to send your email gateway and feature usage details to Cisco helps an organization to:

• Improve the effectiveness of the product in user networks by performing analytics on collected telemetry data and suggesting users with recommendations using a digital campaign.

• Improve user experience with email gateway.

The following table shows a sample data of email gateway and feature usage details sent to Cisco: