diff --git a/public/_redirects b/public/_redirects index 9fa638063d5e0cb..b4bc8dc976cc915 100644 --- a/public/_redirects +++ b/public/_redirects @@ -427,6 +427,12 @@ /cloudflare-one/insights/email-monitoring/email-security-logs/ /cloudflare-one/insights/email-monitoring/enable-logs/ 301 /cloudflare-one/insights/email-monitoring/phishing-report/ /cloudflare-one/insights/email-monitoring/download-disposition-report/ 301 +/cloudflare-one/insights/email-monitoring/download-disposition-report/ /cloudflare-one/email-security/email-monitoring/download-disposition-report/ 301 +/cloudflare-one/insights/email-monitoring/ /cloudflare-one/email-security/email-monitoring/ 301 +/cloudflare-one/insights/email-monitoring/search-email/ /cloudflare-one/email-security/email-monitoring/search-email/ 301 +/cloudflare-one/insights/email-monitoring/phish-submissions/ /cloudflare-one/email-security/phish-submissions/ 301 +/cloudflare-one/insights/email-monitoring/enable-logs/ /cloudflare-one/insights/logs/enable-logs/ 301 + # firewall /firewall/api/cf-lists/ /waf/tools/lists/lists-api/ 301 diff --git a/src/content/docs/cloudflare-one/email-security/auto-moves.mdx b/src/content/docs/cloudflare-one/email-security/auto-moves.mdx index fa3def428af9570..a983174fe3f4524 100644 --- a/src/content/docs/cloudflare-one/email-security/auto-moves.mdx +++ b/src/content/docs/cloudflare-one/email-security/auto-moves.mdx @@ -2,7 +2,7 @@ title: Auto-move events pcx_content_type: how-to sidebar: - order: 4 + order: 5 --- Auto-move events are events where emails are automatically moved to different inboxes based on the disposition Email Security assigned to them. diff --git a/src/content/docs/cloudflare-one/email-security/detection-settings/index.mdx b/src/content/docs/cloudflare-one/email-security/detection-settings/index.mdx index e5ae7eff6656a21..3ab89e9a20733d1 100644 --- a/src/content/docs/cloudflare-one/email-security/detection-settings/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/detection-settings/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: navigation title: Detection settings sidebar: - order: 3 + order: 4 --- import { DirectoryListing } from "~/components" diff --git a/src/content/docs/cloudflare-one/email-security/directories/index.mdx b/src/content/docs/cloudflare-one/email-security/directories/index.mdx index a2d4cce3697ccd1..3c60ef540271180 100644 --- a/src/content/docs/cloudflare-one/email-security/directories/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/directories/index.mdx @@ -2,7 +2,7 @@ title: Directories pcx_content_type: how-to sidebar: - order: 2 + order: 3 --- Directories are folders to store user data. Email Security allows you to manage directories from the Cloudflare dashboard. diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/download-disposition-report.mdx b/src/content/docs/cloudflare-one/email-security/email-monitoring/download-disposition-report.mdx similarity index 100% rename from src/content/docs/cloudflare-one/insights/email-monitoring/download-disposition-report.mdx rename to src/content/docs/cloudflare-one/email-security/email-monitoring/download-disposition-report.mdx diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/index.mdx b/src/content/docs/cloudflare-one/email-security/email-monitoring/index.mdx similarity index 94% rename from src/content/docs/cloudflare-one/insights/email-monitoring/index.mdx rename to src/content/docs/cloudflare-one/email-security/email-monitoring/index.mdx index 9e93d2cd0dc1af7..df423d025a6e28e 100644 --- a/src/content/docs/cloudflare-one/insights/email-monitoring/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/email-monitoring/index.mdx @@ -2,7 +2,7 @@ title: Email monitoring pcx_content_type: how-to sidebar: - order: 1 + order: 2 --- import { GlossaryTooltip, Render } from "~/components" @@ -10,7 +10,7 @@ import { GlossaryTooltip, Render } from "~/components" Once you have chosen a [domain to scan](/cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api/#connect-your-domains), Email Security allows you to monitor the traffic scanned from your email inboxes. :::note -With Email Security, you can enable logs to send detection data to an endpoint of your choice. Refer to [Email Security logs](/cloudflare-one/insights/email-monitoring/enable-logs/) for more information. +With Email Security, you can enable logs to send detection data to an endpoint of your choice. Refer to [Enable Email Security logs](/cloudflare-one/insights/logs/enable-logs/) for more information. ::: To monitor your inbox: @@ -25,7 +25,7 @@ The dashboard will display the following metrics: - [Disposition evaluation](/cloudflare-one/email-security/reference/dispositions-and-attributes/) - Detection details - [Impersonations](/cloudflare-one/email-security/detection-settings/impersonation-registry/) -- [Phish submissions](/cloudflare-one/insights/email-monitoring/phish-submissions/) +- [Phish submissions](/cloudflare-one/email-security/phish-submissions/) - [Auto-move events](/cloudflare-one/email-security/auto-moves/) - [Detection settings metrics](/cloudflare-one/email-security/detection-settings/) @@ -78,7 +78,7 @@ Refer to [Trusted domains](/cloudflare-one/email-security/detection-settings/tru Phishing is a type of attack that involves stealing sensitive information with the aim of using and selling the information. -A phish submission happens when a user or an administrator reports a phishing attack. Refer to [Phish submissions](/cloudflare-one/insights/email-monitoring/phish-submissions/) to learn how to submit a phish. +A phish submission happens when a user or an administrator reports a phishing attack. Refer to [Phish submissions](/cloudflare-one/email-security/phish-submissions/) to learn how to submit a phish. Phish submissions displays the following information: diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/search-email.mdx b/src/content/docs/cloudflare-one/email-security/email-monitoring/search-email.mdx similarity index 79% rename from src/content/docs/cloudflare-one/insights/email-monitoring/search-email.mdx rename to src/content/docs/cloudflare-one/email-security/email-monitoring/search-email.mdx index 7c4fb702d0ffebc..e6ee1900195a8d2 100644 --- a/src/content/docs/cloudflare-one/insights/email-monitoring/search-email.mdx +++ b/src/content/docs/cloudflare-one/email-security/email-monitoring/search-email.mdx @@ -187,13 +187,56 @@ To view status and actions for each email: 1. On the **Investigation** page, select the three dots. 2. Selecting the three dots will show you the following options: - If the email is quarantined: - - **View details**: Refer to [Email details](/cloudflare-one/insights/email-monitoring/email-details/) to learn more. + - **View details**: Refer to [Email details](/cloudflare-one/email-security/email-monitoring/search-email/#email-details) to learn more. - **View similar emails**: Find similar emails based on the `value_edf_hash` (Electronic Detection Fingerprint hash). - **Release**: Email Security will no longer quarantine your chosen messages. - - **Reclassify**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](/cloudflare-one/insights/email-monitoring/search-email/#reclassify-messages) to learn more. + - **Reclassify**: Choose the dispositions of your messages if they are incorrect. Refer to [Reclassify messages](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages) to learn more. 3. If the email is not quarantined: - **View details**. - **View similar emails**. - **View submission detail**. - [Move](/cloudflare-one/email-security/auto-moves/) (only available if you authorized moves). - - [Reclassify](/cloudflare-one/insights/email-monitoring/search-email/#reclassify-messages). \ No newline at end of file + - [Reclassify](/cloudflare-one/email-security/email-monitoring/search-email/#reclassify-messages). + +## Email details + +Email Security shows you the following email detail information: + +- Details +- Action log +- Raw message +- Mail trace + +### Details + +Email Security displays the following details: + +1. **Threat type**: Threat type of the email, for example, [credential harvester](/cloudflare-one/email-security/reference/how-es-detects-phish/#credential-harvesters), and [IP-based spam](/cloudflare-one/email-security/reference/how-es-detects-phish/#ip-based-spam). +2. **Validation**: Email validation methods [SPF](https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/). +3. **Sender details**: Information include: + - IP address + - Registered domain + - Autonomous sys number: This number identifies your [autonomous system (AS)](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-an-autonomous-system/). + - Autonomous sys name: This name identifies your autonomous system (AS). + - Country +4. **Links identified**: A list of malicious links identified by Email Security. +5. **Reasons for disposition**: Description of why the email was deemed as malicious, suspicious, or spam. + +### Action log + +Action log allows you to review post-delivery actions performed on your selected message. The action log displays: + +- **Date**: Date when the post-delivery action was performed. +- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. + +### Raw message + +Raw message allows you to view the raw details of the message. You can also choose to download the email message. To download the message, select **Download .EML**. + +### Mail trace + +Mail trace allows you to track the path your selected message took from the sender to the recipient. Mail trace displays: + +- **Date**: The date and time when the mail was tracked. +- **Type**: An email can be inbound (email sent to you from another email), or outbound (emails sent from your email address). +- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/index.mdx b/src/content/docs/cloudflare-one/email-security/index.mdx index ebf7814cd655956..d0644355077084e 100644 --- a/src/content/docs/cloudflare-one/email-security/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/index.mdx @@ -22,4 +22,4 @@ Email Security allows you to: - Configure [allow policies](/cloudflare-one/email-security/detection-settings/allow-policies/), [blocked senders](/cloudflare-one/email-security/detection-settings/blocked-senders/), [trusted domains](/cloudflare-one/email-security/detection-settings/trusted-domains/), and [additional detections](/cloudflare-one/email-security/detection-settings/additional-detections/). - [Automatically move messages](/cloudflare-one/email-security/auto-moves/) to specific folders based on a [certain disposition](/cloudflare-one/email-security/reference/dispositions-and-attributes/). - [Manage directories](/cloudflare-one/email-security/directories/). -- [Monitor your inbox](/cloudflare-one/insights/email-monitoring/), perform a thorough [search of your email](/cloudflare-one/insights/email-monitoring/search-email/), and download a [disposition report](/cloudflare-one/insights/email-monitoring/download-disposition-report/). \ No newline at end of file +- [Monitor your inbox](/cloudflare-one/email-security/email-monitoring/), perform a thorough [search of your email](/cloudflare-one/email-security/email-monitoring/search-email/), and download a [disposition report](/cloudflare-one/email-security/email-monitoring/download-disposition-report/). \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx b/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx index df98f96f9594e36..9042e07aff4b39c 100644 --- a/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx +++ b/src/content/docs/cloudflare-one/email-security/outbound-dlp.mdx @@ -2,7 +2,7 @@ title: Outbound Data Loss Prevention (DLP) pcx_content_type: how-to sidebar: - order: 6 + order: 7 badge: text: Beta --- diff --git a/src/content/docs/cloudflare-one/email-security/phish-guard.mdx b/src/content/docs/cloudflare-one/email-security/phish-guard.mdx index 8b228234b1cc92e..301d3889daabaef 100644 --- a/src/content/docs/cloudflare-one/email-security/phish-guard.mdx +++ b/src/content/docs/cloudflare-one/email-security/phish-guard.mdx @@ -2,7 +2,7 @@ title: PhishGuard pcx_content_type: how-to sidebar: - order: 5 + order: 8 --- PhishGuard is a managed email security service that provides resources for end-to-end phish and targeted attack management and response. With PhishGuard, you can preemptively block [phishing attacks](https://www.cloudflare.com/en-gb/learning/access-management/phishing-attack/), [malware](https://www.cloudflare.com/en-gb/learning/ddos/glossary/malware/), [Business Email Compromise (BEC)](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/), and vendor email fraud. @@ -61,7 +61,7 @@ Managed email security operations allows you to review the results of phish subm It displays the following: -- Total [phish submissions](/cloudflare-one/insights/email-monitoring/phish-submissions/) +- Total [phish submissions](/cloudflare-one/email-security/phish-submissions/) - Tracked incidents - Median time to resolve - Resolved track incidents diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/phish-submissions.mdx b/src/content/docs/cloudflare-one/email-security/phish-submissions.mdx similarity index 88% rename from src/content/docs/cloudflare-one/insights/email-monitoring/phish-submissions.mdx rename to src/content/docs/cloudflare-one/email-security/phish-submissions.mdx index 0a19622b1c181be..2ed2b3d7e251668 100644 --- a/src/content/docs/cloudflare-one/insights/email-monitoring/phish-submissions.mdx +++ b/src/content/docs/cloudflare-one/email-security/phish-submissions.mdx @@ -2,7 +2,7 @@ title: Phish submissions pcx_content_type: how-to sidebar: - order: 4 + order: 6 --- import { GlossaryTooltip, Render } from "~/components" @@ -13,9 +13,9 @@ Submitting missed phish samples to Cloudflare is of paramount importance and nec There are three routes you can use to report an email as a phish: -- Via Investigation, by [reclassifying an email](/cloudflare-one/insights/email-monitoring/phish-submissions/#reclassify-an-email). -- Via [PhishNet O365](/cloudflare-one/insights/email-monitoring/phish-submissions/#phishnet-o365) or [PhishNet for Google Workspace](/cloudflare-one/insights/email-monitoring/phish-submissions/#phishnet-for-google-workspace), depending on your email provider. -- Via [Submission addresses](/cloudflare-one/insights/email-monitoring/phish-submissions/#submission-addresses). +- Via Investigation, by [reclassifying an email](/cloudflare-one/email-security/phish-submissions/#reclassify-an-email). +- Via [PhishNet O365](/cloudflare-one/email-security/phish-submissions/#phishnet-o365) or [PhishNet for Google Workspace](/cloudflare-one/email-security/phish-submissions/#phishnet-for-google-workspace), depending on your email provider. +- Via [Submission addresses](/cloudflare-one/email-security/phish-submissions/#submission-addresses). ## Reclassify an email diff --git a/src/content/docs/cloudflare-one/email-security/reference/index.mdx b/src/content/docs/cloudflare-one/email-security/reference/index.mdx index be40cb7084513eb..12b32f8c9477cca 100644 --- a/src/content/docs/cloudflare-one/email-security/reference/index.mdx +++ b/src/content/docs/cloudflare-one/email-security/reference/index.mdx @@ -2,7 +2,7 @@ title: Reference pcx_content_type: navigation sidebar: - order: 8 + order: 9 group: hideIndex: true --- diff --git a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api.mdx b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api.mdx index 9a5221688b88ea3..1e14554496a1c11 100644 --- a/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api.mdx +++ b/src/content/docs/cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api.mdx @@ -73,4 +73,4 @@ To view the integration for each connected domain: 1. Select a domain. 2. Select the three dots > **View integration**. -Once you have set up Email Security to scan through your inbox, Email Security will display detailed information about your inbox. Refer to [Monitor your inbox](/cloudflare-one/insights/email-monitoring/) to learn more. \ No newline at end of file +Once you have set up Email Security to scan through your inbox, Email Security will display detailed information about your inbox. Refer to [Monitor your inbox](/cloudflare-one/email-security/email-monitoring/) to learn more. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/email-details.mdx b/src/content/docs/cloudflare-one/insights/email-monitoring/email-details.mdx deleted file mode 100644 index 0a7d5ef58876c2e..000000000000000 --- a/src/content/docs/cloudflare-one/insights/email-monitoring/email-details.mdx +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: Email details -pcx_content_type: reference -sidebar: - order: 6 ---- - -Email Security shows you the following email detail information: - -- Details -- Action log -- Raw message -- Mail trace - -### Details - -Email Security displays the following details: - -1. **Threat type**: Threat type of the email, for example, [credential harvester](/cloudflare-one/email-security/reference/how-es-detects-phish/#credential-harvesters), and [IP-based spam](/cloudflare-one/email-security/reference/how-es-detects-phish/#ip-based-spam). -2. **Validation**: Email validation methods [SPF](https://www.cloudflare.com/learning/dns/dns-records/dns-spf-record/), [DKIM](https://www.cloudflare.com/learning/dns/dns-records/dns-dkim-record/), [DMARC](https://www.cloudflare.com/learning/dns/dns-records/dns-dmarc-record/). -3. **Sender details**: Information include: - - IP address - - Registered domain - - Autonomous sys number: This number identifies your [autonomous system (AS)](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-an-autonomous-system/). - - Autonomous sys name: This name identifies your autonomous system (AS). - - Country -4. **Links identified**: A list of malicious links identified by Email Security. -5. **Reasons for disposition**: Description of why the email was deemed as malicious, suspicious, or spam. - -### Action log - -Action log allows you to review post-delivery actions performed on your selected message. The action log displays: - -- **Date**: Date when the post-delivery action was performed. -- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. - -### Raw message - -Raw message allows you to view the raw details of the message. You can also choose to download the email message. To download the message, select **Download .EML**. - -### Mail trace - -Mail trace allows you to track the path your selected message took from the sender to the recipient. Mail trace displays: - -- **Date**: The date and time when the mail was tracked. -- **Type**: An email can be inbound (email sent to you from another email), or outbound (emails sent from your email address). -- **Activity**: The activity taken on an email. For example, moving the email to the trash folder, releasing a quarantined email, and more. \ No newline at end of file diff --git a/src/content/docs/cloudflare-one/insights/email-monitoring/enable-logs.mdx b/src/content/docs/cloudflare-one/insights/logs/enable-logs.mdx similarity index 98% rename from src/content/docs/cloudflare-one/insights/email-monitoring/enable-logs.mdx rename to src/content/docs/cloudflare-one/insights/logs/enable-logs.mdx index bd914f7e719f15f..e29c4899c4da3a1 100644 --- a/src/content/docs/cloudflare-one/insights/email-monitoring/enable-logs.mdx +++ b/src/content/docs/cloudflare-one/insights/logs/enable-logs.mdx @@ -2,7 +2,7 @@ title: Enable Email Security logs pcx_content_type: how-to sidebar: - order: 5 + order: 9 --- Email Security allows you to configure Logpush to send detection data to an endpoint of your choice. diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx index a24125458fb285d..a5baade788048ff 100644 --- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx @@ -18,7 +18,7 @@ The dashboard will display the following metrics: - [Disposition evaluation](/cloudflare-one/email-security/reference/dispositions-and-attributes/) - Detection details - [Impersonations](/cloudflare-one/email-security/detection-settings/impersonation-registry/) -- [Phish submissions](/cloudflare-one/insights/email-monitoring/phish-submissions/) +- [Phish submissions](/cloudflare-one/email-security/phish-submissions/) - [Auto-move events](/cloudflare-one/email-security/auto-moves/) - [Detection settings metrics](/cloudflare-one/email-security/detection-settings/) diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx index 02f20d62726c264..0da7248705d2a83 100644 --- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx @@ -28,7 +28,7 @@ There are three ways for searching emails: - Regular screen: A regular screen allows you to investigate your inbox by inserting a term to screen across all criteria. - Advanced screen: The advanced screen criteria gives you the option to narrow message results based on specific criteria. The advanced screen has several options (such as keywords, subject keywords, sender domain, and more) to scan your inbox. -Additional information on search can be found on the [Screen criteria](/email-security/reporting/search/) documentation. +Additional information on search can be found on the [Screen criteria](/cloudflare-one/email-security/email-monitoring/search-email/#screen-criteria) documentation. ### Export messages diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx index ec8486f5f492fc6..0167504dc67223e 100644 --- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx +++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx @@ -7,10 +7,10 @@ sidebar: While Email Security offers industry leading detection efficacy due to Cloudflare's Threat Intelligence, Preemptive Threat Hunting (actor and campaign infrastructure hunting with 8B, plus campaign threat signals assessed every day) and ML-Based Detection Models (Trust Graphs Computer Vision, Sentiment/Thread/Structural Analysis, Industry/Natural Language Understanding Modeling) false negatives and false positive can occur. -There are two different ways to [submit a phish](/cloudflare-one/insights/email-monitoring/phish-submissions/) sample: +There are two different ways to [submit a phish](/cloudflare-one/email-security/phish-submissions/) sample: - User submission: - - Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to [PhishNet for Microsoft O365](/cloudflare-one/insights/email-monitoring/phish-submissions/#phishnet-o365). + - Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to [PhishNet for Microsoft O365](/cloudflare-one/email-security/phish-submissions/#phishnet-o365). - User submissions can create another challenge for your organization. While it is important for end users to be vigilant and report what they believe may be a phishing email, they are often wrong. About 90% of the time, when an end user reports a missed phishing email, they are mistaken. This puts an extra burden on busy security teams as they sift through end user reports. The PhishGuard team at Cloudflare can solve this problem for your organization by reviewing end user submissions for you. - Admin submission: - To be used when IT administrators or security teams submit to Email Security. Submit original phish samples as an attachment in EML format to the appropriate team submission address.