In this document, you will learn how to configure a Cisco Email Security (CES) policy to forward spam emails to Lumu for compromise assessment. Lumu Email Intelligence is a unique threat analysis tool that runs advanced correlations between your spam, known indicators of compromise (IoCs), and network traffic.

Learn more about how Lumu Email Intelligence helps you understand who is targeting your organization, how they are doing it, and how successful they are in our documentation.

Requirements

You must have CES admin permissions to access the Spam Detection Module.

The process documented here was tested with Cisco C300V.

CES Setup

Lumu assigns a unique email address to your organization. You can find the email address assigned to your organization by going to the Lumu Portal and navigating to Email Intelligence > Summary (1). 

1. Sign in to CES admin portal, and then navigate to “Incoming Mail Policies”, then click to access the respective policy you want to edit in the “Anti-Spam” column:

2. In the mail policy settings area, configure the custom headers for Lumu, as shown in the following image.

3. Navigate to the “Incoming Content Filters” and click to add a new one, provide a name and a description.

4. Click to add a condition and select the “Other Header” option and inform the header value you added in step 2.

​

5. Click to add an “Action” and inform the email address provided by Lumu to your company in the Lumu Portal.

6. Submit the changes and apply the policy.