Cisco Talos is rolling out several changes to the Email Status Portal that adds new features and makes the Portal even easier to use.
The Talos Email Status Portal allows users to view mail samples submitted and their statuses, analyze graphical displays of submission metrics, administer domains and user access and generate reports of this data. As of our update today, the Portal Submissions page now includes a set of observables to deepen user insight into the origin and context of the emails submitted to Talos, including the original sender’s domain and IP address, embedded URLs and embedded attachments.
This will allow defenders to view even more information about the emails Talos processes and gain specific intelligence around prolific campaigns that may be targeted toward your network. By sending an email into Talos, you can now analyze what we see for the reputation of each embedded URL, the disposition of an attachment to an email, or the reputation score for the sender's IP and domain. You may dispute these results using our support portal simply by pressing a button. You may also take the information found in the portal and head over to SecureX to investigate any artifacts in your network.
To drill down into this new information, look for the new double arrow button to "expand inline" or drill down on a particular email by clicking the "pound" symbol:
Where you'll be presented with more information about the submitted email:
Domain Admins can now perform bulk actions for Users and Permissions, such as upgrading, suspending, approving or denying several user's permissions at a time.
And lastly, users can now export all submissions from the Submissions page to a CSV file for convenience, including all top-level submission information.
The Email Status Portal is for viewing the status of submissions. Customers can report malicious emails — or good emails that incorrectly went to the spam filter — through the Microsoft Outlook Plug-in or by following the direct email instructions here.
Check out the new portal by logging into Talosintelligence.com with your Cisco ID, and visiting https://talosintelligence.com/esp.