Configure the Cortex Advanced Email Security module

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-11
Category: Administrator Guide

Abstract

Manage your protected domains, allow and block lists, phishing email addresses, URL filtering, and your remediation actions.

Notice

Requires the Advanced Email Security module.

Use the Email Security configuration page to manage your protected domains, allow and block lists, phishing email addresses, URL filtering, and your remediation actions. To access the page, navigate to Modules > Email Security > Email Security Configuration. You have the following options.

  • Protected Domains: View the domains you added to the collector for your organization.

  • Block List: View and manage indicators related to emails, including URLs, attachment file hashes, or sender email addresses that are flagged as malicious.

    Right-click a row to edit, delete, disable, or copy a block list rule.

    To add indicators to your block list:

    1. Click Add.

    2. In Create Block List Rule, select the type: URL, Hash, or Email Address.

    3. Type the indicator, add any comments you want, and click Done.

  • Allow List: All the trusted indicators related to emails, including URLs, attachment file hashes, and sender email addresses. These exclusions also appear in the Issue Exclusions list under Exceptions Configuration.

    Right-click a row to edit, delete, disable, or copy an allow list rule. In this section, you can add indicators that you want to exclude from generating issues.

    To add indicators:

    1. Click Add.

    2. In Create Allow List Rule, select the type: URL, Email Sender, or Email Attachment.

    3. Type the indicator, add any comments you want, and click Done.

    The new indicator is added to the Allow List and to the general Issue Exclusions tables.

    Note

    You can also add email indicators to the Allow List in Exceptions Configuration > Issue Exclusions. However, if you add multiple indicators in a rule using Issue Exclusions under Exceptions Configuration, you cannot edit the rule in the Email Security Allow List.

  • Phishing Email Address: Configure the mailboxes that collect the emails users report as phishing. By default, the list includes the email address configured in your email provider for collecting reported phishing emails in your domain.

  • URL Filtering: Enable or disable analysis and identification of malicious URLs in emails.

Remediation Actions

Configure the following settings for your remediation actions.

  • Warning Email Template: Add the Sender Email address, the Subject, and the Body for the email you want to send to users when a malicious or suspicious email is detected and automatically remediated. An email body template is provided, which you can customize to your organization's needs. The template contains the details of the suspicious email, including the sender email address, subject, and the time the email was received.

  • Move to Folder Action: Select the folder to which suspicious emails are moved. If a folder isn't configured, the email is moved to the default PANW Quarantined folder. If the PANW Quarantined folder doesn't exist, it is automatically created in the user's mailbox.