diff --git a/src/content/docs/email-security/email-configuration/index.mdx b/src/content/docs/email-security/email-configuration/index.mdx
index d0bc6344222f39b..bb403184286361f 100644
--- a/src/content/docs/email-security/email-configuration/index.mdx
+++ b/src/content/docs/email-security/email-configuration/index.mdx
@@ -11,6 +11,6 @@ import { DirectoryListing, Render } from "~/components";
-Once you have [set up Email Security](/email-security/deployment/), you have several options to customize and fine-tune email behavior.
+Once you have [set up Email security](/email-security/deployment/), you have several options to customize and fine-tune email behavior.
diff --git a/src/content/docs/email-security/email-configuration/lists/allowed-patterns.mdx b/src/content/docs/email-security/email-configuration/lists/allowed-patterns.mdx
index d622b7c9272ac4d..bb9623fde18b9ff 100644
--- a/src/content/docs/email-security/email-configuration/lists/allowed-patterns.mdx
+++ b/src/content/docs/email-security/email-configuration/lists/allowed-patterns.mdx
@@ -3,18 +3,17 @@ title: Allowed patterns
pcx_content_type: concept
sidebar:
order: 1
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-When you set up **allowed patterns**, Email Security email security exempts messages that match certain patterns from normal detection scanning.
+When you set up **allowed patterns**, Email security email security exempts messages that match certain patterns from normal detection scanning.
## Add an allowed pattern
To create a new allowed pattern:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
@@ -23,22 +22,19 @@ To create a new allowed pattern:
4. Select **+ New Pattern**.
5. Enter the pattern information:
+ - **Allowed Pattern**: Enter one of the following types of pattern:
+ - **Email addresses**: Must be a valid email.
+ - **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries.
+ - **Regular expressions**: Must be [valid Java expressions](https://www.freeformatter.com/java-regex-tester.html).
- * **Allowed Pattern**: Enter one of the following types of pattern:
-
- * **Email addresses**: Must be a valid email.
- * **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries.
- * **Regular expressions**: Must be [valid Java expressions](https://www.freeformatter.com/java-regex-tester.html).
-
- * **Allow Type**: Choose one or more of the following types:
-
- * **Trusted Sender**: Messages will bypass all [detections](/email-security/reference/dispositions-and-attributes/) and link following by Email Security. Typically, only applies to
phishing simulations from vendors such as KnowBe4.
- * **Exempt Recipient**: Will exempt messages from all Email Security [detections](/email-security/reference/dispositions-and-attributes/) intended for recipients matching this pattern (email address or regular expression only). Typically, this only applies to submission mailboxes for user reporting to security.
- * **Acceptable Sender**: Will exempt messages from the `SPAM`, `SPOOF`, and `BULK` [dispositions](/email-security/reference/dispositions-and-attributes/#available-values) (but not `MALICIOUS` or `SUSPICIOUS`). Commonly used for external domains and sources that send mail on behalf of your organization, such as marketing emails or internal tools.
+ - **Allow Type**: Choose one or more of the following types:
+ - **Trusted Sender**: Messages will bypass all [detections](/email-security/reference/dispositions-and-attributes/) and link following by Email security. Typically, only applies to
phishing simulations from vendors such as KnowBe4.
+ - **Exempt Recipient**: Will exempt messages from all Email security [detections](/email-security/reference/dispositions-and-attributes/) intended for recipients matching this pattern (email address or regular expression only). Typically, this only applies to submission mailboxes for user reporting to security.
+ - **Acceptable Sender**: Will exempt messages from the `SPAM`, `SPOOF`, and `BULK` [dispositions](/email-security/reference/dispositions-and-attributes/#available-values) (but not `MALICIOUS` or `SUSPICIOUS`). Commonly used for external domains and sources that send mail on behalf of your organization, such as marketing emails or internal tools.
- * **Notes**: Provide additional notes about the allowed pattern.
+ - **Notes**: Provide additional notes about the allowed pattern.
-6. If you chose *Trusted Sender* or *Acceptable Sender* in the previous step, you will be able to choose whether to verify the sender. When the **Verify Sender** option is selected, the allow list entry will only be honored if it aligns with a passing authentication by DMARC or SPF or DKIM.
+6. If you chose _Trusted Sender_ or _Acceptable Sender_ in the previous step, you will be able to choose whether to verify the sender. When the **Verify Sender** option is selected, the allow list entry will only be honored if it aligns with a passing authentication by DMARC or SPF or DKIM.
7. Select **Save**.
diff --git a/src/content/docs/email-security/email-configuration/lists/block-list.mdx b/src/content/docs/email-security/email-configuration/lists/block-list.mdx
index dd5c3b3251ab2dd..27e165ceb4aa537 100644
--- a/src/content/docs/email-security/email-configuration/lists/block-list.mdx
+++ b/src/content/docs/email-security/email-configuration/lists/block-list.mdx
@@ -3,18 +3,17 @@ title: Block lists
pcx_content_type: concept
sidebar:
order: 3
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-When you add **blocked senders**, Email Security automatically marks all messages from these senders with a `MALICIOUS`
disposition.
+When you add **blocked senders**, Email security automatically marks all messages from these senders with a `MALICIOUS`
disposition.
## Add a blocked sender
To create a new blocked pattern:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
@@ -23,14 +22,12 @@ To create a new blocked pattern:
4. Select **+ New Sender**.
5. Enter the pattern information:
+ - **Sender**: Enter one of the following types of pattern:
+ - **Email addresses**: Must be a valid email.
+ - **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries.
+ - **Regular expressions**: Must be [valid Java expressions](https://www.freeformatter.com/java-regex-tester.html). Regular expressions are matched with fields related to the sender email address (`envelope from`, `header from`, `reply-to`), the originating IP address, and the server name for the email.
- * **Sender**: Enter one of the following types of pattern:
-
- * **Email addresses**: Must be a valid email.
- * **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries.
- * **Regular expressions**: Must be [valid Java expressions](https://www.freeformatter.com/java-regex-tester.html). Regular expressions are matched with fields related to the sender email address (`envelope from`, `header from`, `reply-to`), the originating IP address, and the server name for the email.
-
- * **Notes**: Provide additional notes about the blocked sender pattern.
+ - **Notes**: Provide additional notes about the blocked sender pattern.
6. Select **Save**.
diff --git a/src/content/docs/email-security/email-configuration/lists/trusted-domains.mdx b/src/content/docs/email-security/email-configuration/lists/trusted-domains.mdx
index 1643c231f9059a8..b799936acf2de6f 100644
--- a/src/content/docs/email-security/email-configuration/lists/trusted-domains.mdx
+++ b/src/content/docs/email-security/email-configuration/lists/trusted-domains.mdx
@@ -3,17 +3,16 @@ title: Trusted domains
pcx_content_type: concept
sidebar:
order: 2
-
---
-**Trusted domains** allows you to identify domains that should be exempted from Email Security (formerly Area 1) detections.
+**Trusted domains** allows you to identify domains that should be exempted from Email security (formerly Area 1) detections.
## Default behavior
-When messages come to your recipients from certain domains, Email Security triggers certain [detections](/email-security/reference/dispositions-and-attributes/) by default:
+When messages come to your recipients from certain domains, Email security triggers certain [detections](/email-security/reference/dispositions-and-attributes/) by default:
-* **Proximity Domains**: Domains with similar spelling to your existing domain. Will trigger a `SPOOF` detection.
-* **Recent Domains**: Domains created recently (exact definition set in [Added Detections](/email-security/email-configuration/enhanced-detections/added-detections/)). Will trigger a `MALICIOUS` or `SUSPICIOUS` detection.
+- **Proximity Domains**: Domains with similar spelling to your existing domain. Will trigger a `SPOOF` detection.
+- **Recent Domains**: Domains created recently (exact definition set in [Added Detections](/email-security/email-configuration/enhanced-detections/added-detections/)). Will trigger a `MALICIOUS` or `SUSPICIOUS` detection.
However, sometimes those domains are legitimate. For example, your company may have registered several lookalike domains to combat domain squatters.
@@ -23,7 +22,7 @@ To exempt specific domains from these detections, you can add trusted domains.
To add a trusted domain:
-1. Log in to the [Email Security (formerly Area 1) dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security (formerly Area 1) dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
@@ -32,9 +31,8 @@ To add a trusted domain:
4. Select **+ Add Domain**.
5. The exact flow varies based on what you select for your **Pattern Type**:
-
- * **Domain**: Allows you to specify a particular domain and then adjust triggers for *Proximity Domain* and *Recent Domain*.
- * **Create Regex**: Allows you to create Regex rules for the domain name, top-level domain (TLDs), and subdomains and then adjust triggers for *Proximity Domain* and *Recent Domain*.
+ - **Domain**: Allows you to specify a particular domain and then adjust triggers for _Proximity Domain_ and _Recent Domain_.
+ - **Create Regex**: Allows you to create Regex rules for the domain name, top-level domain (TLDs), and subdomains and then adjust triggers for _Proximity Domain_ and _Recent Domain_.
6. Select **Save**.
diff --git a/src/content/docs/email-security/email-configuration/phish-submissions/index.mdx b/src/content/docs/email-security/email-configuration/phish-submissions/index.mdx
index 0577337fecab1c3..fb0dc8f0c63c472 100644
--- a/src/content/docs/email-security/email-configuration/phish-submissions/index.mdx
+++ b/src/content/docs/email-security/email-configuration/phish-submissions/index.mdx
@@ -3,16 +3,15 @@ title: Phish submissions
pcx_content_type: concept
sidebar:
order: 6
-
---
-import { DirectoryListing, GlossaryTooltip, Render } from "~/components"
+import { DirectoryListing, GlossaryTooltip, Render } from "~/components";
-As part of your continuous email security posture, administrators and security analysts need to submit missed
phish samples to [Email Security (formerly Area 1) Service Addresses](https://horizon.area1security.com/support/service-addresses/) so Cloudflare can process them and take necessary action.
+As part of your continuous email security posture, administrators and security analysts need to submit missed
phish samples to [Email security (formerly Area 1) Service Addresses](https://horizon.area1security.com/support/service-addresses/) so Cloudflare can process them and take necessary action.
-Sometimes phish is missed as Email Security uses several techniques to make a detection. These include preemptively crawling the web to identify campaigns, machine learning, custom signatures, among others. In order for Email Security to identify why phish was missed, we need to run the original samples through our module and identify why some of our modules did not score the sample high enough to elevate it to malicious.
+Sometimes phish is missed as Email security uses several techniques to make a detection. These include preemptively crawling the web to identify campaigns, machine learning, custom signatures, among others. In order for Email security to identify why phish was missed, we need to run the original samples through our module and identify why some of our modules did not score the sample high enough to elevate it to malicious.
Submitting missed phish samples to Cloudflare is of paramount importance and necessary for continuous protection. Submitting missed phish samples helps Cloudflare improve our machine learning (ML) models, and alerts us of new attack vectors before they become prevalent.
@@ -20,37 +19,37 @@ Submitting missed phish samples to Cloudflare is of paramount importance and nec
There are two different ways to submit a phish sample:
-* **User submission**: Submitted directly by the end users, and used with phish submission buttons.
+- **User submission**: Submitted directly by the end users, and used with phish submission buttons.
To learn more about user-submitted phish, refer to the following documentation:
-* **Team submission**: To be used when IT administrators or security teams submit to Email Security. Submit original phish samples as an attachment in EML format to the appropriate [Team Submissions address](https://horizon.area1security.com/support/service-addresses/). For example, if you think an email should be marked as spoof, send it to the `SPOOF` address listed in Team Submissions.
+- **Team submission**: To be used when IT administrators or security teams submit to Email security. Submit original phish samples as an attachment in EML format to the appropriate [Team Submissions address](https://horizon.area1security.com/support/service-addresses/). For example, if you think an email should be marked as spoof, send it to the `SPOOF` address listed in Team Submissions.
Phish samples submitted to this address will be considered as submissions from the customer's email security team. This increases the chances of similar samples being detected as malicious in the future.
After submitting a phish sample to the team address, you will receive an update from `status@submission.area1reports.com` regarding the investigation and the verdict. The feedback is directly provided to customers by our threat research team, bypassing the support channel, to expedite the process.
## What happens after a phish submission
-After you or your users submit a phish sample, Email Security adds that sample directly into our machine learning (ML) queue for learning. Some samples will be directly converted to `MALICIOUS` upon going through machine learning and the rest will be further processed by our ML module.
+After you or your users submit a phish sample, Email security adds that sample directly into our machine learning (ML) queue for learning. Some samples will be directly converted to `MALICIOUS` upon going through machine learning and the rest will be further processed by our ML module.
### Phish submission feedback
-Use the following keywords to search for submitted phish samples on the Email Security dashboard:
+Use the following keywords to search for submitted phish samples on the Email security dashboard:
-* `phish_submission`
-* `user_malicious_submission`
-* `team_malicious_submission`
+- `phish_submission`
+- `user_malicious_submission`
+- `team_malicious_submission`
On the **Reasons** column you will see the feedback regarding the messages found. If the ML module learns and detects it as phish, the **Reasons** column shows the details regarding it. If not, the information on this column shows up as `phish submission`.
-If there is a phishing email that is repeatedly sent to users despite being submitted to Email Security for processing, [contact support](/support/contacting-cloudflare-support/) with the details of the problematic phish submission sample (alert ID or message ID of the sample).
+If there is a phishing email that is repeatedly sent to users despite being submitted to Email security for processing, [contact support](/support/contacting-cloudflare-support/) with the details of the problematic phish submission sample (alert ID or message ID of the sample).
### Phish Submission Response (beta)
-Phish Submission Response (PSR) is an additional layer of protection. When you enable PSR, Email Security will automatically retract messages reported by users which are also deemed malicious by Email Security after analysis. This feature uses machine learning margin scores by adding the user as an additional neuron into Email Security's neural network.
+Phish Submission Response (PSR) is an additional layer of protection. When you enable PSR, Email security will automatically retract messages reported by users which are also deemed malicious by Email security after analysis. This feature uses machine learning margin scores by adding the user as an additional neuron into Email security's neural network.
To enable PSR:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
3. In **Email Configuration**, go to **Retract Settings** > **Auto-Retract**.
4. Enable **Phish Submission Response (Beta)**.
@@ -62,21 +61,21 @@ PSR works only for the phish samples submitted to [user submission addresses](ht
## False positives
-If you find emails in your Email Security account that are actually false positives, you can report them from the Email Security dashboard:
+If you find emails in your Email security account that are actually false positives, you can report them from the Email security dashboard:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Select the **Search** bar.
3. Search for one or more messages that you want to report as a false positive, and select **Report as false positive**.
-4. In the next screen, choose a disposition from the list to clarify the nature of the false positive. The options are *Bulk*, *Malicious*, *None*, *Spam*, *Spoof* and *Suspicious*.
+4. In the next screen, choose a disposition from the list to clarify the nature of the false positive. The options are _Bulk_, _Malicious_, _None_, _Spam_, _Spoof_ and _Suspicious_.
5. Select **Report False Positive**.
## False negatives
-[Email Security administrators](/email-security/account-setup/permissions/) can also submit false negatives directly from the dashboard:
+[Email security administrators](/email-security/account-setup/permissions/) can also submit false negatives directly from the dashboard:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Select the **Search** bar.
3. Search for one or more messages that you want to report as a false negative, and select **Report as False Negative**.
-4. In the next screen, choose a disposition from the list to clarify the nature of the false negative. The options are *Bulk*, *Malicious*, *Spam*, *Suspicious* and *Spoof*.
+4. In the next screen, choose a disposition from the list to clarify the nature of the false negative. The options are _Bulk_, _Malicious_, _Spam_, _Suspicious_ and _Spoof_.
5. Select **Report False Negative**.
diff --git a/src/content/docs/email-security/email-configuration/phish-submissions/knowbe4.mdx b/src/content/docs/email-security/email-configuration/phish-submissions/knowbe4.mdx
index 84a58b08e5bf95a..8d350db3103a01b 100644
--- a/src/content/docs/email-security/email-configuration/phish-submissions/knowbe4.mdx
+++ b/src/content/docs/email-security/email-configuration/phish-submissions/knowbe4.mdx
@@ -8,7 +8,7 @@ head:
import { Render } from "~/components";
-If you have KnowBe4 Phish Alert Button (PAB) for Microsoft Outlook, Microsoft Exchange, Microsoft 365, and Google Workspace follow the steps below to set it up with Email Security and report suspicious emails.
+If you have KnowBe4 Phish Alert Button (PAB) for Microsoft Outlook, Microsoft Exchange, Microsoft 365, and Google Workspace follow the steps below to set it up with Email security and report suspicious emails.
1. Log in to your KnowBe4 console.
2. Select the **cog symbol** to go to your **Account Settings** screen.
@@ -18,7 +18,7 @@ If you have KnowBe4 Phish Alert Button (PAB) for Microsoft Outlook, Microsoft Ex
6. If you do want to differentiate between spam and malicious emails, go to **Comments and Disposition Settings**.
7. Select **Allow users to leave comments and disposition**.
8. Select **Disable Unknown Email Disposition**.
-9. In **Send Dispositioned Emails to**, you need to enter the email addresses to forward spam and malicious emails. You can find these addresses in your **Email Security dashboard** > **Support** > [**Service Addresses**](https://horizon.area1security.com/support/service-addresses):
+9. In **Send Dispositioned Emails to**, you need to enter the email addresses to forward spam and malicious emails. You can find these addresses in your **Email security dashboard** > **Support** > [**Service Addresses**](https://horizon.area1security.com/support/service-addresses):
1. **Phishing/Suspicious**: Enter your malicious email address. For example, `
+user+malicious@submission.area1reports.com`.
2. **Spam/Junk**: Enter your spam email address. For example, `+user+spam@submission.area1reports.com`.
10. Select **Save changes**.
diff --git a/src/content/docs/email-security/email-configuration/phish-submissions/microsoft-report-message.mdx b/src/content/docs/email-security/email-configuration/phish-submissions/microsoft-report-message.mdx
index 07d8610bd2e0884..861b3391476583a 100644
--- a/src/content/docs/email-security/email-configuration/phish-submissions/microsoft-report-message.mdx
+++ b/src/content/docs/email-security/email-configuration/phish-submissions/microsoft-report-message.mdx
@@ -1,11 +1,10 @@
---
title: Microsoft Report Message (not compatible)
pcx_content_type: concept
-
---
-Due to changes in the flow of submission messages, Microsoft no longer honors mail flow rules for the Microsoft Report Message button. Therefore, Email Security is not compatible with this tool anymore.
+Due to changes in the flow of submission messages, Microsoft no longer honors mail flow rules for the Microsoft Report Message button. Therefore, Email security is not compatible with this tool anymore.
To learn more about what is happening, log in to your Microsoft account as an administrator, and [review the communication from Microsoft](https://admin.microsoft.com/AdminPortal/Home?ref=MessageCenter/:/messages/MC690173).
-If you need to submit phish samples or missed phish to Email Security, we recommend using the [PhishNet for Office 365](/email-security/email-configuration/phish-submissions/phishnet-o365/) integrated app instead.
+If you need to submit phish samples or missed phish to Email security, we recommend using the [PhishNet for Office 365](/email-security/email-configuration/phish-submissions/phishnet-o365/) integrated app instead.
diff --git a/src/content/docs/email-security/email-configuration/phish-submissions/phishnet-gworkspace.mdx b/src/content/docs/email-security/email-configuration/phish-submissions/phishnet-gworkspace.mdx
index 35beae0bb4e1cdc..f92c5c85d970187 100644
--- a/src/content/docs/email-security/email-configuration/phish-submissions/phishnet-gworkspace.mdx
+++ b/src/content/docs/email-security/email-configuration/phish-submissions/phishnet-gworkspace.mdx
@@ -1,12 +1,11 @@
---
title: PhishNet for Google Workspace
pcx_content_type: how-to
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-PhishNet is an add-in button that helps users to submit directly to Email Security (formerly Area 1) phish samples missed by Area 1’s detection. PhishNet avoids the previous process, where users had to report phish to their email admins, which then had to manually download and forward the sample to Email Security.
+PhishNet is an add-in button that helps users to submit directly to Email security (formerly Area 1) phish samples missed by Area 1’s detection. PhishNet avoids the previous process, where users had to report phish to their email admins, which then had to manually download and forward the sample to Email security.
## Prerequisites
@@ -64,7 +63,7 @@ Cloudflare PhishNet is now installed.
@@ -74,4 +73,4 @@ Cloudflare PhishNet is now installed.
5. Select **Submit Report**.
-PhishNet will show you a **Submission Complete** message once the email has been successfully submitted to Email Security (formerly Area 1) for review.
+PhishNet will show you a **Submission Complete** message once the email has been successfully submitted to Email security (formerly Area 1) for review.
diff --git a/src/content/docs/email-security/email-configuration/phish-submissions/phishnet-o365.mdx b/src/content/docs/email-security/email-configuration/phish-submissions/phishnet-o365.mdx
index 067eb8e73b21fbe..ade4517a9d90c23 100644
--- a/src/content/docs/email-security/email-configuration/phish-submissions/phishnet-o365.mdx
+++ b/src/content/docs/email-security/email-configuration/phish-submissions/phishnet-o365.mdx
@@ -1,19 +1,18 @@
---
title: PhishNet for Office 365
pcx_content_type: how-to
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-PhishNet is an add-in button that helps users to submit directly to Email Security (formerly Area 1)
phish samples missed by Email Security detection. PhishNet avoids the previous process, where users had to report phish to their email admins, which then had to manually download and forward the sample to Email Security.
+PhishNet is an add-in button that helps users to submit directly to Email security (formerly Area 1)
phish samples missed by Email security detection. PhishNet avoids the previous process, where users had to report phish to their email admins, which then had to manually download and forward the sample to Email security.
## Prerequisites
To set up PhishNet with Office 365, you will need:
-* An Email Security account with admin access.
-* Admin access to Microsoft.com.
+- An Email security account with admin access.
+- Admin access to Microsoft.com.
:::note
@@ -34,7 +33,7 @@ Only admin users can deploy PhishNet for all users in Office 365. Non-admin user
-5. On a new browser tab, [log in to Email Security (formerly Area 1)](https://horizon.area1security.com) with an admin account.
+5. On a new browser tab, [log in to Email security (formerly Area 1)](https://horizon.area1security.com) with an admin account.
6. Select **Settings** (gear icon).
@@ -48,15 +47,15 @@ Only admin users can deploy PhishNet for all users in Office 365. Non-admin user
9. Go back to the Microsoft admin browser tab.
-10. From **Upload Apps to deploy**, select **Provide link to manifest file**, and paste the URL you copied from your Email Security dashboard.
+10. From **Upload Apps to deploy**, select **Provide link to manifest file**, and paste the URL you copied from your Email security dashboard.
- 
+ 
11. Select **Validate**. Wait for a success message to appear below the input. Then, select **Next**.
12. Under **Assign users**, select **Entire Organization**, and then select **Next**.
- 
+ 
13. In **App Permissions and Capabilities**, make sure PhishNet has the correct permissions: `Outlook: ReadWriteMailbox, SendReceiveData`. Then, select **Next**.
@@ -89,4 +88,4 @@ If you cannot find the PhishNet icon, select the **More actions** menu (the thre
4. Select **Submit Report**.
-Once the email has been successfully submitted to Email Security for review, PhishNet will show you a **Submission Complete** message.
+Once the email has been successfully submitted to Email security for review, PhishNet will show you a **Submission Complete** message.
diff --git a/src/content/docs/email-security/email-configuration/retract-settings/index.mdx b/src/content/docs/email-security/email-configuration/retract-settings/index.mdx
index 1d089cdbaa8db78..75c5e5ccab3303c 100644
--- a/src/content/docs/email-security/email-configuration/retract-settings/index.mdx
+++ b/src/content/docs/email-security/email-configuration/retract-settings/index.mdx
@@ -3,32 +3,31 @@ title: Retract settings
pcx_content_type: how-to
sidebar:
order: 5
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-When you are using an [API setup](/email-security/deployment/api/) for Email Security, you cannot prevent mail from reaching a recipient's mailbox.
+When you are using an [API setup](/email-security/deployment/api/) for Email security, you cannot prevent mail from reaching a recipient's mailbox.
However — so long as you also have [journaling](/email-security/deployment/api/setup/#journaling-setup), [BCC](/email-security/deployment/api/setup/#bcc-setup) or [MS Graph](/email-security/deployment/api/setup/office365-graph-api/) configured — you can set up message retraction to take post-delivery actions against suspicious messages. These retractions happen through API integrations with Microsoft 365 and Google Workspaces (Gmail).
## Retraction options
-Once you set up retraction, you can retract messages manually or set up automatic retractions to move messages matching certain
dispositions to specific folders within a user’s mailbox. You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email Security. Scanned emails that were previously delivered and now match this new
phishing information will be retracted.
+Once you set up retraction, you can retract messages manually or set up automatic retractions to move messages matching certain
dispositions to specific folders within a user’s mailbox. You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email security. Scanned emails that were previously delivered and now match this new
phishing information will be retracted.
Refer to [Gmail](/email-security/deployment/api/setup/gsuite-bcc-setup/add-retraction/) and [Office 365](/email-security/email-configuration/retract-settings/office365-retraction/) guides for detailed information regarding these options.
## Retraction metrics
-Setting up retraction also gives you access to metrics for this feature. After logging in to your [Email Security dashboard](https://horizon.area1security.com), search for the **Retractions** card. Metrics for retractions include information such as:
+Setting up retraction also gives you access to metrics for this feature. After logging in to your [Email security dashboard](https://horizon.area1security.com), search for the **Retractions** card. Metrics for retractions include information such as:
-* **Total retractions**: Displays the total amount of retractions performed.
-* **Success**: Shows the percentage of messages Email Security was able to find and retract successfully.
-* **Fail**: Displays the percentage of messages Email Security was not successfully able to retract. Reasons for failure include:
- * The user has already deleted or marked the message as junk, either manually or via a mailbox filter.
- * The specific copy of the message being retracted was sent to a distribution list address that may not exist as a mailbox, and so the retraction will fail. Separate copies of the message that are sent to each member of that distribution list will be retracted.
- * The retraction is not, or is no longer, authorized.
-* **Unread/Read**: Refers to the state of the message at the time it was retracted. For automated retractions, Email Security tries to perform retraction as quickly as possible so the user has no time to see or open the message. Manual retraction might happen at a later time, and so the messages are more likely to have already been read.
-* **Auto/Manual**: Refers to the percentage of messages retracted through the automatic/manual modes.
+- **Total retractions**: Displays the total amount of retractions performed.
+- **Success**: Shows the percentage of messages Email security was able to find and retract successfully.
+- **Fail**: Displays the percentage of messages Email security was not successfully able to retract. Reasons for failure include:
+ - The user has already deleted or marked the message as junk, either manually or via a mailbox filter.
+ - The specific copy of the message being retracted was sent to a distribution list address that may not exist as a mailbox, and so the retraction will fail. Separate copies of the message that are sent to each member of that distribution list will be retracted.
+ - The retraction is not, or is no longer, authorized.
+- **Unread/Read**: Refers to the state of the message at the time it was retracted. For automated retractions, Email security tries to perform retraction as quickly as possible so the user has no time to see or open the message. Manual retraction might happen at a later time, and so the messages are more likely to have already been read.
+- **Auto/Manual**: Refers to the percentage of messages retracted through the automatic/manual modes.
Selecting **View details** will perform a search for retracted emails for the selected time interval.
diff --git a/src/content/docs/email-security/email-configuration/retract-settings/office365-retraction.mdx b/src/content/docs/email-security/email-configuration/retract-settings/office365-retraction.mdx
index fa2e72392480f2c..b2644fd03f67e2b 100644
--- a/src/content/docs/email-security/email-configuration/retract-settings/office365-retraction.mdx
+++ b/src/content/docs/email-security/email-configuration/retract-settings/office365-retraction.mdx
@@ -14,41 +14,41 @@ import { Render } from "~/components";
In this tutorial you will learn how to set up email retraction for Microsoft Office 365.
-## 1. Authorize Email Security with Office 365 for retraction
+## 1. Authorize Email security with Office 365 for retraction
-For message retraction to successfully execute, Email Security needs to be authorized to make API calls into the Office 365 Graph API architecture. The account used to authorize Email Security requires the **Privileged role admin** role.
+For message retraction to successfully execute, Email security needs to be authorized to make API calls into the Office 365 Graph API architecture. The account used to authorize Email security requires the **Privileged role admin** role.
When assigning user roles in the Office 365 console, you will find these roles in **User permissions** > **Roles configuration** > **Identity admin roles**.
### How does the authorization work?
-The authorization process grants Email Security access to the Azure environment with the least applicable privileges required to function. The Enterprise Application that Email Security registers (the Email Security Synchronator) is not tied to any administrator account. Inside of the Azure Active Directory admin center you can review the permissions granted to the application in the Enterprise Application section.
+The authorization process grants Email security access to the Azure environment with the least applicable privileges required to function. The Enterprise Application that Email security registers (the Email security Synchronator) is not tied to any administrator account. Inside of the Azure Active Directory admin center you can review the permissions granted to the application in the Enterprise Application section.
-
+
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/), and select **Settings** (the gear icon).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/), and select **Settings** (the gear icon).
2. Go to **Email Configuration** > **RETRACT SETTINGS**.
- 
+ 
:::note
If you do not see the Retract Settings option, [contact customer support](/support/contacting-cloudflare-support/) to enable the feature.
:::
-1. You need to authorize Email Security to execute retractions through the Graph API of Office 365. Make sure that the account that you will be using to authenticate has the appropriate administrative roles assigned. Select **Authorize** to start the process.
+1. You need to authorize Email security to execute retractions through the Graph API of Office 365. Make sure that the account that you will be using to authenticate has the appropriate administrative roles assigned. Select **Authorize** to start the process.
- 
+ 
-2. The Email Security dashboard will redirect you to a Microsoft login page. Select or enter the appropriate account to initiate the authentication process.
+2. The Email security dashboard will redirect you to a Microsoft login page. Select or enter the appropriate account to initiate the authentication process.
- 
+ 
3. Once authenticated, the system will show a dialog box with a list of the requested permissions. Select **Accept** to authorize the change.
- 
+ 
-4. Upon authorization, you will be automatically redirected to the Email Security dashboard, with a notification that the authorization completed successfully. Select **Dismiss** to clear the notification.
+4. Upon authorization, you will be automatically redirected to the Email security dashboard, with a notification that the authorization completed successfully. Select **Dismiss** to clear the notification.
diff --git a/src/content/docs/email-security/glossary.mdx b/src/content/docs/email-security/glossary.mdx
index 98bffcec78b5866..f4366823adedfa0 100644
--- a/src/content/docs/email-security/glossary.mdx
+++ b/src/content/docs/email-security/glossary.mdx
@@ -1,11 +1,10 @@
---
title: Glossary
pcx_content_type: glossary
-
---
-import { Glossary } from "~/components"
+import { Glossary } from "~/components";
-Review the definitions for terms used across Email Security (formerly Area 1) documentation.
+Review the definitions for terms used across Email security (formerly Area 1) documentation.
diff --git a/src/content/docs/email-security/index.mdx b/src/content/docs/email-security/index.mdx
index c223a5aa6d16b1e..024aefa1ad29e65 100644
--- a/src/content/docs/email-security/index.mdx
+++ b/src/content/docs/email-security/index.mdx
@@ -18,7 +18,7 @@ import {
-Stop phishing attacks with Email Security (formerly Area 1) cloud-native email security service.
+Stop phishing attacks with Email security (formerly Area 1) cloud-native email security service.
@@ -26,7 +26,7 @@ Stop
phishing attacks with Em
:::note[Area 1 has been renamed]
-Area 1 is now **Email Security (formerly Area 1)**. Customers who purchased the new Email Security can access the documentation by going to Cloudflare Zero Trust > [Email Security](/cloudflare-one/email-security/).
+Area 1 is now **Email security (formerly Area 1)**. Customers who purchased the new Email security can access the documentation by going to Cloudflare Zero Trust > [Email security](/cloudflare-one/email-security/).
:::
@@ -43,14 +43,14 @@ Area 1 is now **Email Security (formerly Area 1)**. Customers who purchased the
href="/email-security/deployment/"
cta="Evaluate deployment options"
>
- Email Security (formerly Area 1) provides two architectures to protect your
+ Email security (formerly Area 1) provides two architectures to protect your
organization: inline or API setup. Inline architecture evaluates email
messages before they reach a user's inbox. API architecture evaluates emails
when they have already reached a user's inbox.
- In addition to standard logins, Email Security (formerly Area 1) offers
+ In addition to standard logins, Email security (formerly Area 1) offers
support for SAML based single
sign-on (SSO) logins to your dashboard.
@@ -84,7 +84,7 @@ Area 1 is now **Email Security (formerly Area 1)**. Customers who purchased the
product="email-routing"
>
Email Routing simplifies the way you create and manage custom email addresses.
- Email Security (formerly Area 1) helps secure your mail infrastructure from
+ Email security (formerly Area 1) helps secure your mail infrastructure from
phishing attacks.
@@ -105,7 +105,7 @@ Area 1 is now **Email Security (formerly Area 1)**. Customers who purchased the
-Email Security (formerly Area 1) is available as a standalone product purchase.
+Email security (formerly Area 1) is available as a standalone product purchase.
diff --git a/src/content/docs/email-security/migrate-to-email-security.mdx b/src/content/docs/email-security/migrate-to-email-security.mdx
index a822c6379cfa82c..797e8cc0d80736b 100644
--- a/src/content/docs/email-security/migrate-to-email-security.mdx
+++ b/src/content/docs/email-security/migrate-to-email-security.mdx
@@ -1,5 +1,5 @@
---
-title: Migrate to Email Security
+title: Migrate to Email security
pcx_content_type: how-to
sidebar:
order: 9
@@ -7,10 +7,10 @@ sidebar:
import { Render } from "~/components";
-This page aims at showing you how to perform Area 1 actions in [Zero Trust Email Security](/cloudflare-one/email-security/), and new terminology introduced in Email Security.
+This page aims at showing you how to perform Area 1 actions in [Zero Trust Email security](/cloudflare-one/email-security/), and new terminology introduced in Email security.
:::note
-Your Area 1 data and configuration settings are available in Email Security.
+Your Area 1 data and configuration settings are available in Email security.
:::
@@ -22,59 +22,59 @@ In Area 1, you can reach out to support via the following email addresses:
- support@area1security.com
- phishguard@area1security.com (for PhishGuard customers only)
-In Email Security, you can raise a ticket by contacting [technical support](https://dash.cloudflare.com/?to=/:account/support) on the Cloudflare dashboard:
+In Email security, you can raise a ticket by contacting [technical support](https://dash.cloudflare.com/?to=/:account/support) on the Cloudflare dashboard:
1. Select your account and choose **Technical support**.
2. In **Solve your issue**, answer the following questions:
- What type of question do you have? Select **Technical - Other Products**
- - In what area can we help you? Select **Email Security**
+ - In what area can we help you? Select **Email security**
- What feature, service or problem is this related to? Choose among **Configuration**, **Detections** or **PhishGuard**.
## Invite users
In Area 1, you [invite users](/email-security/account-setup/manage-account-members/#add-user) by logging in to the Area 1 portal and inviting members.
-To invite users in Zero Trust Email Security:
+To invite users in Zero Trust Email security:
1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
2. Go to **Manage Account**.
3. Select **Members** > **Invite** > [Add account members](/fundamentals/manage-members/manage/#add-account-members).
-Once you have added new account members, you will have to assign each member an [Email Security role](/cloudflare-one/roles-permissions/#email-security-roles).
+Once you have added new account members, you will have to assign each member an [Email security role](/cloudflare-one/roles-permissions/#email-security-roles).
-| Area 1 | Email Security | Description |
+| Area 1 | Email security | Description |
| ------------------- | ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| N/A | Cloudflare Zero Trust | Can edit Cloudflare [Zero Trust](/cloudflare-one/). Has administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email Security. |
-| Super Admin | Email Security Analyst + Email Security Configuration Admin = Super Admin | Has full access to all admin features in Email Security |
-| Configuration Admin | Email Security Configuration Admin | Has administrator access. Cannot take actions on emails, or read emails |
-| SOC Analyst | Email Security Analyst | Has analyst access. Can take action on emails and read emails. |
-| Viewer | Email Security Reporting | Can read metrics |
-| N/A | Cloudflare Zero Trust PII | Can read PII in Zero Trust (this includes Email Security) |
-| N/A | Email Security Policy Admin | Can read all settings, but only write allow policies, trusted domains, and blocked senders |
+| N/A | Cloudflare Zero Trust | Can edit Cloudflare [Zero Trust](/cloudflare-one/). Has administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email security. |
+| Super Admin | Email security Analyst + Email security Configuration Admin = Super Admin | Has full access to all admin features in Email security |
+| Configuration Admin | Email security Configuration Admin | Has administrator access. Cannot take actions on emails, or read emails |
+| SOC Analyst | Email security Analyst | Has analyst access. Can take action on emails and read emails. |
+| Viewer | Email security Reporting | Can read metrics |
+| N/A | Cloudflare Zero Trust PII | Can read PII in Zero Trust (this includes Email security) |
+| N/A | Email security Policy Admin | Can read all settings, but only write allow policies, trusted domains, and blocked senders |
## Create webhooks
:::note
-Starting from October 1, 2025, Area 1 webhooks will be visible in Zero Trust Email Security, but non-configurable. Use [Logpush](/cloudflare-one/insights/logs/enable-logs/#enable-user-action-logs) to create new webhooks or configure webhooks.
+Starting from October 1, 2025, Area 1 webhooks will be visible in Zero Trust Email security, but non-configurable. Use [Logpush](/cloudflare-one/insights/logs/enable-logs/#enable-user-action-logs) to create new webhooks or configure webhooks.
:::
In Area 1, you can [create alert webhooks](/email-security/email-configuration/domains-and-routing/alert-webhooks/#create-an-alert-webhook).
-In Zero Trust Email Security, webhooks are instead referred to as logs. You can enable [detection logs](/cloudflare-one/insights/logs/enable-logs/#enable-detection-logs) and/or [user action logs](/cloudflare-one/insights/logs/enable-logs/#enable-user-action-logs). Additionally, you can enable [Outbound Data Loss Prevention](/cloudflare-one/email-security/outbound-dlp/) to protect sensitive information in outbound emails.
+In Zero Trust Email security, webhooks are instead referred to as logs. You can enable [detection logs](/cloudflare-one/insights/logs/enable-logs/#enable-detection-logs) and/or [user action logs](/cloudflare-one/insights/logs/enable-logs/#enable-user-action-logs). Additionally, you can enable [Outbound Data Loss Prevention](/cloudflare-one/email-security/outbound-dlp/) to protect sensitive information in outbound emails.
## Set up system alerts
-You can check the Area 1 and Email Security status in the [Cloudflare System Status](https://www.cloudflarestatus.com/).
+You can check the Area 1 and Email security status in the [Cloudflare System Status](https://www.cloudflarestatus.com/).
To view Area 1 status:
-- Search for **Email Security (Area1)** and check that the status is set to **Operational**. This means that emails are being processed.
+- Search for **Email security (Area1)** and check that the status is set to **Operational**. This means that emails are being processed.
- Search for **Area 1 - Dash** to check the status of the Area 1 dashboard.
- Search for **Area 1 - API** to check the status of the API endpoints.
-To view Email Security status:
+To view Email security status:
-- Search for **Email Security (Zero Trust)** and check that the status is set to **Operational**. This means that emails are being processed.
+- Search for **Email security (Zero Trust)** and check that the status is set to **Operational**. This means that emails are being processed.
- Search for **Zero Trust Dashboard** to check the status of the Zero Trust dashboard.
- Search for **API** to check the status of the API endpoints.
@@ -83,12 +83,12 @@ You can also check the status of APIs through the [Cloudflare Status API](https:
## Email reports
:::note
-Starting from October 1, 2025, weekly and daily email reports will no longer be available. Go to [Monitoring](/cloudflare-one/email-security/monitoring/) in Email Security to monitor your inbox.
+Starting from October 1, 2025, weekly and daily email reports will no longer be available. Go to [Monitoring](/cloudflare-one/email-security/monitoring/) in Email security to monitor your inbox.
:::
In Area 1, you receive daily or weekly updates of the number of emails dispositioned.
-In Email Security, you can view [email monitoring](/cloudflare-one/email-security/monitoring/) over the last 90, 30, 7, 3, 1 day(s).
+In Email security, you can view [email monitoring](/cloudflare-one/email-security/monitoring/) over the last 90, 30, 7, 3, 1 day(s).
## Email alerts for detections
@@ -98,13 +98,13 @@ Starting from October 1, 2025, emails alerts for detections will no longer be av
In Area 1, you receive an email when an email is assigned a disposition.
-In Email Security, you enable [Logpush](/cloudflare-one/insights/logs/enable-logs/#enable-detection-logs) to enable detection logs.
+In Email security, you enable [Logpush](/cloudflare-one/insights/logs/enable-logs/#enable-detection-logs) to enable detection logs.
## Search emails
In Area 1, you can perform two types of search: [Fielded Search](/email-security/reporting/search/#fielded-search) and [Freeform Search](/email-security/reporting/search/#freeform-search).
-In Email Security, the ability to search emails has been expanded. You can use three different [screen criteria](/cloudflare-one/email-security/monitoring/search-email/#screen-criteria) to search emails:
+In Email security, the ability to search emails has been expanded. You can use three different [screen criteria](/cloudflare-one/email-security/monitoring/search-email/#screen-criteria) to search emails:
- [Advanced screen](/cloudflare-one/email-security/monitoring/search-email/#advanced-screen)
- [Regular screen](/cloudflare-one/email-security/monitoring/search-email/#regular-screen)
@@ -114,19 +114,19 @@ In Email Security, the ability to search emails has been expanded. You can use t
In Area 1, you can check [statistics](/email-security/reporting/statistics-overview/) in your Home section.
-In Email Security, you can check your metrics in the [Monitoring](/cloudflare-one/email-security/monitoring/) section in the dashboard.
+In Email security, you can check your metrics in the [Monitoring](/cloudflare-one/email-security/monitoring/) section in the dashboard.
## Move messages to a specific folder
Area 1 allows you to set up [message retraction](/email-security/email-configuration/retract-settings/) to move messages to specific folders. This is known as **retraction**.
-Moving messages to a specific folder is known as [auto-moves](/cloudflare-one/email-security/settings/auto-moves/) in Zero Trust Email Security.
+Moving messages to a specific folder is known as [auto-moves](/cloudflare-one/email-security/settings/auto-moves/) in Zero Trust Email security.
## Create policies
This table displays the difference in terminology used when creating policies:
-| Area 1 | Email Security |
+| Area 1 | Email security |
| --------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| [Allowed patterns](/email-security/email-configuration/lists/allowed-patterns/) | [Allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/) |
| [Block lists](/email-security/email-configuration/lists/block-list/) | [Blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) |
@@ -139,7 +139,7 @@ This table displays the difference in terminology used when creating policies:
This table displays the difference in terminology used when finding emails whose disposition is incorrect:
-| Area 1 | Email Security |
+| Area 1 | Email security |
| ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| Report [false negative](/email-security/email-configuration/phish-submissions/#false-negatives)/[false positive](/email-security/email-configuration/phish-submissions/#false-positives) | [ Reclassify messages ](/cloudflare-one/email-security/monitoring/search-email/#reclassify-messages) |
| N/A | Escalate user submissions |
@@ -150,20 +150,20 @@ This table displays the difference in terminology used when finding emails whose
In Area 1, you can set up a [Business email compromise (BEC)](/email-security/email-configuration/enhanced-detections/business-email-compromise/) list to protect against attackers who try to impersonate executives.
-In Email Security, this feature is known as [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/).
+In Email security, this feature is known as [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/).
## Synchronize directories
In Area 1, you can [integrate directories](/email-security/email-configuration/enhanced-detections/business-email-compromise/#integrating-a-directory) in your email provider.
-In Email Security, you can add and sync [directories](/cloudflare-one/email-security/directories/).
+In Email security, you can add and sync [directories](/cloudflare-one/email-security/directories/).
## API
:::note
-Area 1 API endpoints will deprecate on December 18, 2025. Use the [Email Security API](https://developers.cloudflare.com/api/resources/email_security/) endpoints to prevent interruption to your normal operations.
+Area 1 API endpoints will deprecate on December 18, 2025. Use the [Email security API](https://developers.cloudflare.com/api/resources/email_security/) endpoints to prevent interruption to your normal operations.
:::
To access Area 1 API, go to the [API Documentation](https://developers.cloudflare.com/email-security/static/api_documentation_1.38.1.pdf). You can set up a [service account](https://developers.cloudflare.com/email-security/api/service-accounts/) to configure API tokens.
-To access Email Security API, go to [Email Security API](https://developers.cloudflare.com/api/resources/email_security/). You can set up an [API token](/fundamentals/api/get-started/create-token/) to use the Email Security API.
+To access Email security API, go to [Email security API](https://developers.cloudflare.com/api/resources/email_security/). You can set up an [API token](/fundamentals/api/get-started/create-token/) to use the Email security API.
diff --git a/src/content/docs/email-security/partners.mdx b/src/content/docs/email-security/partners.mdx
index e4fc12bc20ff851..21b3c1d020edbc6 100644
--- a/src/content/docs/email-security/partners.mdx
+++ b/src/content/docs/email-security/partners.mdx
@@ -11,7 +11,7 @@ import { GlossaryTooltip, Render } from "~/components";
-Email Security Channel and Alliance partners have the option to set up accounts for themselves and their customers.
+Email security Channel and Alliance partners have the option to set up accounts for themselves and their customers.
## Create accounts
@@ -25,7 +25,7 @@ Parent accounts are treated as containers with no services provisioned. User acc
This is only required for administrators that manage multiple accounts. For example, Managed Security Service Providers (MSSP) managing multiple customer accounts.
:::
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
3. In **Delegated Accounts** > **Accounts**, select **Create new customer**.
4. Enter their information, and make sure you select _Parent_ in **Account Type**.
@@ -35,12 +35,12 @@ Your newly created account should show up in the list. If not, refresh the page.
### Create a child account
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
3. In **Delegated Accounts** > **Accounts**, select the parent account where you want to create a child account.
4. Select **Create New customer**.
5. Enter their information, and make sure you select _Advantage_ in **Account Type**.
-6. Scroll down to the **Email Traffic Related Information** section, and enter the information related to your email provider. The number to enter in **Loopback Hops** will depend on your email configuration and where Email Security is in the chain of events. Refer to [Inline deployment](/email-security/deployment/inline/) and [API deployment](/email-security/deployment/api/) for more information.
+6. Scroll down to the **Email Traffic Related Information** section, and enter the information related to your email provider. The number to enter in **Loopback Hops** will depend on your email configuration and where Email security is in the chain of events. Refer to [Inline deployment](/email-security/deployment/inline/) and [API deployment](/email-security/deployment/api/) for more information.
7. For **Daily Email Volume** and **Number of Email Users** make sure you enter the appropriate values for your organization.
8. Select **Save**.
@@ -64,26 +64,26 @@ To create an account at parent level or child level:
## Escalation contacts
-You should add escalation contacts so Email Security can send notifications regarding detection events and critical service related issues. Email Security highly recommends that these contacts have both phone and email contacts.
+You should add escalation contacts so Email security can send notifications regarding detection events and critical service related issues. Email security highly recommends that these contacts have both phone and email contacts.
Refer to [Escalation contacts](/email-security/account-setup/escalation-contacts/) for more information.
## Status alerts
-Subscribe to incident status alerts [from Email Security](https://status.area1security.com/).
+Subscribe to incident status alerts [from Email security](https://status.area1security.com/).
## Domains setup (inline/API)
-Refer to the [setup options](/email-security/deployment/) for Email Security to learn about the best way of deploying Email Security in your organization. You can choose between two main setup architectures:
+Refer to the [setup options](/email-security/deployment/) for Email security to learn about the best way of deploying Email security in your organization. You can choose between two main setup architectures:
- Inline deployment
- API deployment
-With an [inline deployment](/email-security/deployment/inline/), Email Security evaluates email messages before they reach a user’s inbox. When you choose an [API deployment](/email-security/deployment/api/), email messages only reach Email Security after they have already reached a user’s inbox.
+With an [inline deployment](/email-security/deployment/inline/), Email security evaluates email messages before they reach a user’s inbox. When you choose an [API deployment](/email-security/deployment/api/), email messages only reach Email security after they have already reached a user’s inbox.
## Classification actions
-Email Security recommends that you quarantine `MALICIOUS` and `SPAM`
dispositions. You can configure this directly in [Office 365](/email-security/deployment/inline/setup/office-365-area1-mx/) and [Gsuite](/email-security/deployment/inline/setup/gsuite-area1-mx/), as well as [Email Security](/email-security/email-configuration/domains-and-routing/domains/).
+Email security recommends that you quarantine `MALICIOUS` and `SPAM`
dispositions. You can configure this directly in [Office 365](/email-security/deployment/inline/setup/office-365-area1-mx/) and [Gsuite](/email-security/deployment/inline/setup/gsuite-area1-mx/), as well as [Email security](/email-security/email-configuration/domains-and-routing/domains/).
## Message retraction
@@ -95,7 +95,7 @@ To add additional TLS requirements for emails coming from certain domains, you c
## Reports
-You can subscribe to [daily and weekly email reports](https://horizon.area1security.com/settings/subscriptions/email-subscriptions), as well as
SIEM events. For SIEM events, you will need to [configure your SIEM tool](/email-security/reporting/siem-integration/) into Email Security first.
+You can subscribe to [daily and weekly email reports](https://horizon.area1security.com/settings/subscriptions/email-subscriptions), as well as
SIEM events. For SIEM events, you will need to [configure your SIEM tool](/email-security/reporting/siem-integration/) into Email security first.
## Whitelisting and blocklisting senders
diff --git a/src/content/docs/email-security/reference/cloudflare-sso.mdx b/src/content/docs/email-security/reference/cloudflare-sso.mdx
index 8b525a7f8f89b5b..1e17ffff09ae628 100644
--- a/src/content/docs/email-security/reference/cloudflare-sso.mdx
+++ b/src/content/docs/email-security/reference/cloudflare-sso.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 5
head: []
description: You can use your Cloudflare account as the single sign-on (SSO)
- authentication scheme to log in to the Email Security dashboard.
+ authentication scheme to log in to the Email security dashboard.
---
import { Render } from "~/components";
@@ -14,11 +14,11 @@ import { Render } from "~/components";
-You can use your Cloudflare account as the single sign-on (SSO) authentication scheme to log in to the Email Security dashboard:
+You can use your Cloudflare account as the single sign-on (SSO) authentication scheme to log in to the Email security dashboard:
-1. Log in to the [Email Security (formerly Area 1) dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security (formerly Area 1) dashboard](https://horizon.area1security.com/).
2. Select **Sign in with Cloudflare**. You will be redirected to your Cloudflare account to log in.
-3. Select **Allow** to allow Email Security to make changes to your Cloudflare account. You will be redirected to the Email Security dashboard.
-4. Enter your Email Security's email address to log in.
+3. Select **Allow** to allow Email security to make changes to your Cloudflare account. You will be redirected to the Email security dashboard.
+4. Enter your Email security's email address to log in.
-You can now use your Cloudflare account as a single sign-on authentication scheme to log in to Email Security. The next time you access the Email Security dashboard, just select **Sign in with Cloudflare** to log in.
+You can now use your Cloudflare account as a single sign-on authentication scheme to log in to Email security. The next time you access the Email security dashboard, just select **Sign in with Cloudflare** to log in.
diff --git a/src/content/docs/email-security/reference/dispositions-and-attributes.mdx b/src/content/docs/email-security/reference/dispositions-and-attributes.mdx
index b7330d547179cea..0eddcaaee643506 100644
--- a/src/content/docs/email-security/reference/dispositions-and-attributes.mdx
+++ b/src/content/docs/email-security/reference/dispositions-and-attributes.mdx
@@ -11,13 +11,13 @@ import { GlossaryTooltip, Render } from "~/components";
-Email Security uses a variety of factors to determine whether a given email message, domain, URL, or packet is part of a
phishing campaign. These small pattern assessments are dynamic in nature and — in many cases — no single pattern will determine the final verdict.
+Email security uses a variety of factors to determine whether a given email message, domain, URL, or packet is part of a
phishing campaign. These small pattern assessments are dynamic in nature and — in many cases — no single pattern will determine the final verdict.
-Based on these patterns, Email Security may add `X-Headers` to each email message that passes through our system.
+Based on these patterns, Email security may add `X-Headers` to each email message that passes through our system.
## Dispositions
-Any traffic that flows through Email Security is given a final disposition, which represents our evaluation of that specific message. Each message will only receive one disposition header so your organization can take clear and specific actions on different message types.
+Any traffic that flows through Email security is given a final disposition, which represents our evaluation of that specific message. Each message will only receive one disposition header so your organization can take clear and specific actions on different message types.
You can use disposition values when [creating your quarantine policy](/email-security/email-configuration/domains-and-routing/domains/) or [setting up auto-retract](/email-security/email-configuration/retract-settings/).
@@ -33,7 +33,7 @@ You can use disposition values when [creating your quarantine policy](/email-sec
### Header structure
-When Email Security adds a disposition header to an email message, that header matches the following format:
+When Email security adds a disposition header to an email message, that header matches the following format:
```txt
X-Area1Security-Disposition: [Value]
@@ -47,7 +47,7 @@ X-Area1Security-Disposition: UCE
## Attributes
-Traffic that flows through Email Security can also receive one or more **Attributes**, which indicate that a specific condition has been met.
+Traffic that flows through Email security can also receive one or more **Attributes**, which indicate that a specific condition has been met.
### Available values
@@ -62,7 +62,7 @@ Traffic that flows through Email Security can also receive one or more **Attribu
### Header structure
-When Email Security adds a disposition header to an email message, that header matches the following format.
+When Email security adds a disposition header to an email message, that header matches the following format.
```txt
X-Area1Security-Attribute: [Value]
diff --git a/src/content/docs/email-security/reference/language-support.mdx b/src/content/docs/email-security/reference/language-support.mdx
index 79b9665bbeb0c9e..41179cbefc334f0 100644
--- a/src/content/docs/email-security/reference/language-support.mdx
+++ b/src/content/docs/email-security/reference/language-support.mdx
@@ -7,18 +7,17 @@ sidebar:
import { Render } from "~/components";
-
## Email evaluation
-The scanning service and verdict engines used by Email Security are language agnostic. We provide support for Double Byte Character sets (DBCS) and UTF-8, UTF-16, and UTF-32 encoding.
+The scanning service and verdict engines used by Email security are language agnostic. We provide support for Double Byte Character sets (DBCS) and UTF-8, UTF-16, and UTF-32 encoding.
## Dashboard
-The Email Security email dashboard is localized to several languages. To update your language settings:
+The Email security email dashboard is localized to several languages. To update your language settings:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. At the bottom of the page, select the language icon.
diff --git a/src/content/docs/email-security/reference/office365-gcc.mdx b/src/content/docs/email-security/reference/office365-gcc.mdx
index 79ea0e7dcc68fdf..515666c2a4a0a0b 100644
--- a/src/content/docs/email-security/reference/office365-gcc.mdx
+++ b/src/content/docs/email-security/reference/office365-gcc.mdx
@@ -16,4 +16,4 @@ Microsoft 365 Government Community Cloud (GCC) is designed to meet the requireme
GCC Low is intended for use by US government organizations that handle sensitive but unclassified data, and have less stringent compliance requirements.
-Email Security supports GCC Low environments.
+Email security supports GCC Low environments.
diff --git a/src/content/docs/email-security/reference/timestamps.mdx b/src/content/docs/email-security/reference/timestamps.mdx
index 809e3e6a8b5b3f0..8c39e5c655c504b 100644
--- a/src/content/docs/email-security/reference/timestamps.mdx
+++ b/src/content/docs/email-security/reference/timestamps.mdx
@@ -12,6 +12,6 @@ import { Render } from "~/components";
-The example below shows timestamps for [Audit logs](/email-security/reporting/audit-logs/). However, note that the same applies to all sections in the Email Security dashboard that show timestamps.
+The example below shows timestamps for [Audit logs](/email-security/reporting/audit-logs/). However, note that the same applies to all sections in the Email security dashboard that show timestamps.
diff --git a/src/content/docs/email-security/reporting/audit-logs.mdx b/src/content/docs/email-security/reporting/audit-logs.mdx
index 8e0fb13210621d7..fefc51713d180b2 100644
--- a/src/content/docs/email-security/reporting/audit-logs.mdx
+++ b/src/content/docs/email-security/reporting/audit-logs.mdx
@@ -4,28 +4,28 @@ pcx_content_type: how-to
sidebar:
order: 4
head: []
-description: Use Email Security (formerly Area 1) logs to review actions
+description: Use Email security (formerly Area 1) logs to review actions
performed on your account.
---
import { Render } from "~/components";
-You can use Email Security logs to review actions performed on your account:
+You can use Email security logs to review actions performed on your account:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
3. Go to **Users and Actions** > **Audit Log**.
4. Review the logs. You can also filter by type of log from the dropdown menu.
## Logs preview
-You can use one of the Preview logs to preview how Email Security handles post delivery retractions. With Audit logs Preview, Email Security shows you the emails that would have been retracted with Post Delivery Response (PDR) or Phish Submissions Response (PSR) enabled.
+You can use one of the Preview logs to preview how Email security handles post delivery retractions. With Audit logs Preview, Email security shows you the emails that would have been retracted with Post Delivery Response (PDR) or Phish Submissions Response (PSR) enabled.
Refer to **Post delivery retractions for new threats** for [Gmail](/email-security/deployment/api/setup/gsuite-bcc-setup/add-retraction/#post-delivery-retractions-for-new-threats) or [Office 365](/email-security/email-configuration/retract-settings/office365-retraction/#post-delivery-retractions-for-new-threats) to learn more about this feature.
To review preview logs:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
3. Go to **Users and Actions** > **Audit Log**.
4. From the dropdown, select one of the **Preview** logs. This will show you what would have been retracted with Post Delivery Response or Phish Submission Response enabled.
diff --git a/src/content/docs/email-security/reporting/index.mdx b/src/content/docs/email-security/reporting/index.mdx
index 6b33ae0e3c7b2e2..6886155122a1962 100644
--- a/src/content/docs/email-security/reporting/index.mdx
+++ b/src/content/docs/email-security/reporting/index.mdx
@@ -11,11 +11,11 @@ import { DirectoryListing, Render } from "~/components";
-Email Security offers a variety of ways for you to better examine and understand your message traffic:
+Email security offers a variety of ways for you to better examine and understand your message traffic:
-- The [Email Security API](/email-security/api/) also allows you to download historical records as needed.
+- The [Email security API](/email-security/api/) also allows you to download historical records as needed.
:::note
diff --git a/src/content/docs/email-security/reporting/phish-reports.mdx b/src/content/docs/email-security/reporting/phish-reports.mdx
index 17d23985e0992e8..940acca62fe07fe 100644
--- a/src/content/docs/email-security/reporting/phish-reports.mdx
+++ b/src/content/docs/email-security/reporting/phish-reports.mdx
@@ -5,18 +5,17 @@ sidebar:
order: 2
head: []
description: Access Phish reports through the dashboard or an email digest.
-
---
-import { GlossaryTooltip, Render } from "~/components"
+import { GlossaryTooltip, Render } from "~/components";
-Email Security automatically generates
phish reports to provide an overview of your email traffic. The report only includes malicious emails. Spam and bulk emails are not included.
+Email security automatically generates
phish reports to provide an overview of your email traffic. The report only includes malicious emails. Spam and bulk emails are not included.
## In the dashboard
-To view phishing reports in the Email Security dashboard, [log in](https://horizon.area1security.com/) and explore the non-Settings areas of the Email Security dashboard (**Home**, **Email**, **Web**, and **Detection Details**).
+To view phishing reports in the Email security dashboard, [log in](https://horizon.area1security.com/) and explore the non-Settings areas of the Email security dashboard (**Home**, **Email**, **Web**, and **Detection Details**).
## Through an email subscription
@@ -24,7 +23,7 @@ The same reports that are visible through the dashboard can also be delivered th
To subscribe an email address to daily or weekly reports:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
3. Go to **Subscriptions** > **Email Subscriptions**.
4. Select **Add Subscriber**.
diff --git a/src/content/docs/email-security/reporting/search/available-parameters.mdx b/src/content/docs/email-security/reporting/search/available-parameters.mdx
index ca6f6b939009f6a..2b897742749607e 100644
--- a/src/content/docs/email-security/reporting/search/available-parameters.mdx
+++ b/src/content/docs/email-security/reporting/search/available-parameters.mdx
@@ -3,52 +3,51 @@ title: Available parameters
pcx_content_type: reference
sidebar:
order: 2
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
You can pull information for a message in [search detections](/email-security/reporting/search/) using the following parameters:
-* From (`envelope_from`)
-* From Name
-* To (any) (`envelope_to`)
-* To Name (any)
-* Cc (any)
-* ReplyTo
-* Subject (any)
-* Sent DateTime (formatted as `YYYY-MM-DDTHH:MM:SS`)
-* Received DateTime (formatted as `YYYY-MM-DDTHH:MM:SS`)
-* final\_disposition
-* alert\_id
-* sha256 (attachments)
-* ssdeep (attachments)
-* name (attachments)
-* md5 (attachments)
-* Message-ID
-* smtp\_helo\_server\_ip
-* smtp\_previous\_hop\_ip
-* x\_originating\_ip
-* Reason(s) for Detection
+- From (`envelope_from`)
+- From Name
+- To (any) (`envelope_to`)
+- To Name (any)
+- Cc (any)
+- ReplyTo
+- Subject (any)
+- Sent DateTime (formatted as `YYYY-MM-DDTHH:MM:SS`)
+- Received DateTime (formatted as `YYYY-MM-DDTHH:MM:SS`)
+- final_disposition
+- alert_id
+- sha256 (attachments)
+- ssdeep (attachments)
+- name (attachments)
+- md5 (attachments)
+- Message-ID
+- smtp_helo_server_ip
+- smtp_previous_hop_ip
+- x_originating_ip
+- Reason(s) for Detection
## Search terms
In addition to the message parameters above, you can use these additional detection search strings:
-* phish\_submission
-* phish\_submission\_response
-* user\_submission
-* team\_submission
-* auto-retraction
-* browser\_isolation\_rewrite
+- phish_submission
+- phish_submission_response
+- user_submission
+- team_submission
+- auto-retraction
+- browser_isolation_rewrite
-For
disposition-specific submission searches, refer to [Service Addresses](https://horizon.area1security.com/support/service-addresses) in the Email Security dashboard.
+For
disposition-specific submission searches, refer to [Service Addresses](https://horizon.area1security.com/support/service-addresses) in the Email security dashboard.
## Data retention
-For Email Security Horizon Enterprise customers, detections search would index for a period of 12 months and rotate over to a rolling 12-month period.
+For Email security Horizon Enterprise customers, detections search would index for a period of 12 months and rotate over to a rolling 12-month period.
-For Email Security Horizon Advantage customers, detections search would index for three months and rotate over to a rolling 3-month period.
+For Email security Horizon Advantage customers, detections search would index for three months and rotate over to a rolling 3-month period.
## Scope of data retained
diff --git a/src/content/docs/email-security/reporting/search/index.mdx b/src/content/docs/email-security/reporting/search/index.mdx
index 6a4fe71ba69571d..8d69bf90dd8fe43 100644
--- a/src/content/docs/email-security/reporting/search/index.mdx
+++ b/src/content/docs/email-security/reporting/search/index.mdx
@@ -5,14 +5,14 @@ sidebar:
order: 1
head: []
description: Search for messages with a detection disposition or that have been
- processeded by Email Security (formerly Area 1).
+ processeded by Email security (formerly Area 1).
---
import { GlossaryTooltip, Render } from "~/components";
-You can search for emails that have been processed by Email Security (formerly Area 1), whether they are marked with a
detection disposition or not.
+You can search for emails that have been processed by Email security (formerly Area 1), whether they are marked with a
detection disposition or not.
There are two ways for searching emails:
@@ -33,7 +33,7 @@ For more exact matches, use the named fields in **Fielded Search** to denote whi
## Fielded Search
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Select the **Search** bar.
3. Fill out one or more of the following fields. Filling multiple fields is the equivalent of adding the `AND` operator between the following terms:
- **Terms**: Searches for terms in any of the available fields. If you want to search for a message that matches multiple recipients, use this field. Only one value can be specified in the **From** and **To** fields.
@@ -48,7 +48,7 @@ For more exact matches, use the named fields in **Fielded Search** to denote whi
## Freeform Search
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Select the **Search bar** > **Freeform Search**.
3. Build your search query — for example, `My great products`. The system will return all the emails that fit the query.
diff --git a/src/content/docs/email-security/reporting/siem-integration/index.mdx b/src/content/docs/email-security/reporting/siem-integration/index.mdx
index e4e5d9e736984ca..1c4f052e5c070b4 100644
--- a/src/content/docs/email-security/reporting/siem-integration/index.mdx
+++ b/src/content/docs/email-security/reporting/siem-integration/index.mdx
@@ -13,7 +13,7 @@ import { DirectoryListing, GlossaryTooltip, Render } from "~/components";
-With a bit of configuration, you can also bring Email Security (formerly Area 1) data into your
Security Information and Event Management (SIEM) tools to view message-level information outside of the dashboard and create your own custom reports.
+With a bit of configuration, you can also bring Email security (formerly Area 1) data into your
Security Information and Event Management (SIEM) tools to view message-level information outside of the dashboard and create your own custom reports.
## Connect a SIEM tool
diff --git a/src/content/docs/email-security/reporting/siem-integration/knowbe4-integration-guide.mdx b/src/content/docs/email-security/reporting/siem-integration/knowbe4-integration-guide.mdx
index 0173da8199975d6..ec46b072d1f0824 100644
--- a/src/content/docs/email-security/reporting/siem-integration/knowbe4-integration-guide.mdx
+++ b/src/content/docs/email-security/reporting/siem-integration/knowbe4-integration-guide.mdx
@@ -4,28 +4,27 @@ pcx_content_type: integration-guide
reviewed: 2023-08-04
head: []
description: KnowBe4 integration guide
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-When Email Security detects a
phishing email, the metadata of the detection can be sent directly to KnowBe4. For this tutorial, you will need a working KnowBe4 account with the SecurityCoach add-on. You will also need to create an organization key to use in Email Security. This organization key will let you integrate KnowBe4 with Email Security. Refer to [KnowBe4 documentation](https://support.knowbe4.com/hc/articles/13129840202643) for more information on this subject.
+When Email security detects a
phishing email, the metadata of the detection can be sent directly to KnowBe4. For this tutorial, you will need a working KnowBe4 account with the SecurityCoach add-on. You will also need to create an organization key to use in Email security. This organization key will let you integrate KnowBe4 with Email security. Refer to [KnowBe4 documentation](https://support.knowbe4.com/hc/articles/13129840202643) for more information on this subject.
-After creating your organization key and authorizing Email Security:
+After creating your organization key and authorizing Email security:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
3. Go to **Email Configuration** > **Domains & Routing** > **Alert Webhooks**.
4. Select **New Webhook**.
5. In **App Type**, select **SIEM**.
-6. Choose *KnowBe4* from the dropdown, and paste your organization key into the **Auth Code** section.
+6. Choose _KnowBe4_ from the dropdown, and paste your organization key into the **Auth Code** section.
7. In **Target**, paste the URL that suits your organization. KnowBe4 has different URLs for different regions:
- | KnowBe4 instance | URL |
+ | KnowBe4 instance | URL |
| ---------------- | ---------------------------------------------- |
- | United States | `https://area1.vendor.training.knowbe4.com/v1` |
- | European Union | `https://area1.vendor.eu.knowbe4.com/v1` |
- | Canada | `https://area1.vendor.ca.knowbe4.com/v1` |
- | United Kingdom | `https://area1.vendor.uk.knowbe4.com/v1` |
- | Germany | `https://area1.vendor.da.knowbe4.com/v1` |
-8. Select *Expanded* from the drop-down menu for **Malicious Style**, **Suspicious Style**, and **Spoof Style**.
+ | United States | `https://area1.vendor.training.knowbe4.com/v1` |
+ | European Union | `https://area1.vendor.eu.knowbe4.com/v1` |
+ | Canada | `https://area1.vendor.ca.knowbe4.com/v1` |
+ | United Kingdom | `https://area1.vendor.uk.knowbe4.com/v1` |
+ | Germany | `https://area1.vendor.da.knowbe4.com/v1` |
+8. Select _Expanded_ from the drop-down menu for **Malicious Style**, **Suspicious Style**, and **Spoof Style**.
9. Select **Publish Webhook**.
diff --git a/src/content/docs/email-security/reporting/siem-integration/logscale-integration-guide.mdx b/src/content/docs/email-security/reporting/siem-integration/logscale-integration-guide.mdx
index 3fea9b4a0add8fd..eb03f7b0bec2c07 100644
--- a/src/content/docs/email-security/reporting/siem-integration/logscale-integration-guide.mdx
+++ b/src/content/docs/email-security/reporting/siem-integration/logscale-integration-guide.mdx
@@ -4,20 +4,19 @@ pcx_content_type: integration-guide
reviewed: 2023-08-04
head: []
description: Falcon LogScale integration guide
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-When Email Security detects a
phishing email, the metadata of the detection can be sent directly to Falcon LogScale. For this tutorial, you will need a working Falcon LogScale account. You will also need to create a new Ingest Token in your LogScale account. Ingest Tokens identify repositories and are used to configure data ingestion to your repository. Refer to [Falcon LogScale documentation](https://library.humio.com/falcon-logscale-cloud/ingesting-data-tokens.html) for more information.
+When Email security detects a
phishing email, the metadata of the detection can be sent directly to Falcon LogScale. For this tutorial, you will need a working Falcon LogScale account. You will also need to create a new Ingest Token in your LogScale account. Ingest Tokens identify repositories and are used to configure data ingestion to your repository. Refer to [Falcon LogScale documentation](https://library.humio.com/falcon-logscale-cloud/ingesting-data-tokens.html) for more information.
After creating your Ingest Token:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Settings** (the gear icon).
3. Go to **Email Configuration** > **Domains & Routing** > **Alert Webhooks**.
4. Select **New Webhook**.
5. In **App Type**, select **SIEM**.
-6. Choose *Crowdstrike* from the dropdown, and paste your Ingest Token into the **Auth Code** section.
+6. Choose _Crowdstrike_ from the dropdown, and paste your Ingest Token into the **Auth Code** section.
7. In **Target**, paste the URL `https://cloud.community.humio.com/api/v1/ingest/hec/raw`.
8. Select **Publish Webhook**.
diff --git a/src/content/docs/email-security/reporting/siem-integration/splunk-integration-guide.mdx b/src/content/docs/email-security/reporting/siem-integration/splunk-integration-guide.mdx
index 5202457a7304ef9..302d91760fcae61 100644
--- a/src/content/docs/email-security/reporting/siem-integration/splunk-integration-guide.mdx
+++ b/src/content/docs/email-security/reporting/siem-integration/splunk-integration-guide.mdx
@@ -4,14 +4,13 @@ pcx_content_type: integration-guide
reviewed: 2023-01-26
head: []
description: Splunk Cloud integration guide
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-When Email Security detects a
phishing email, the metadata of the detection can be sent directly to Splunk. This document outlines the steps required to integrate with Splunk Cloud.
+When Email security detects a
phishing email, the metadata of the detection can be sent directly to Splunk. This document outlines the steps required to integrate with Splunk Cloud.
-
+
## 1. Configure Splunk HTTP Event Collector
@@ -27,7 +26,7 @@ When Email Security detects a
phishingphishingphishing **Submit** to review your settings and create the collector.
-11. Take note of the token value in this next screen. This value is required for the Email Security configuration in the next step. You can also retrieve the token from the HTTP Event Collector configuration panel, in **Settings** > **Data inputs** > **HTTP Event Collector**.
+11. Take note of the token value in this next screen. This value is required for the Email security configuration in the next step. You can also retrieve the token from the HTTP Event Collector configuration panel, in **Settings** > **Data inputs** > **HTTP Event Collector**.
@@ -68,15 +67,14 @@ curl https://{host}:8088/services/collector/event \
When creating requests to Splunk, the URL and port number change according to the type of Splunk setup:
-* **Splunk Cloud Platform free trial**: `://http-inputs-.splunkcloud.com:8088/`
-* **Splunk Cloud Platform**: `://http-inputs-.splunkcloud.com:443/`
-* **Splunk Enterprise**: `://:8088/`
+- **Splunk Cloud Platform free trial**: `://http-inputs-.splunkcloud.com:8088/`
+- **Splunk Cloud Platform**: `://http-inputs-.splunkcloud.com:443/`
+- **Splunk Enterprise**: `://:8088/`
Refer to the [Splunk documentation](https://docs.splunk.com/Documentation/Splunk/8.2.2/Data/UsetheHTTPEventCollector) for more information.
If your instance is on-premise, specify the appropriate hostname and ensure that your firewall allows the configured port through to your instance. The connections will be coming from this [Egress IP addresses](/email-security/deployment/inline/reference/egress-ips/), if you need them for your access control lists (ACLs)
-
:::note
Ensure that you have a valid SSL certificate configured on your instance. The certificate cannot be expired and cannot be a self-signed certificate.
:::
@@ -91,20 +89,20 @@ Additionally, you can search your instance of Splunk for the test event with `in
-## 3. Configure Email Security
+## 3. Configure Email security
-The next step is to configure Email Security to push the Email Detection Event to the Splunk HTTP Event Collector.
+The next step is to configure Email security to push the Email Detection Event to the Splunk HTTP Event Collector.
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/).
2. Go to **Email Configuration** > **Alert Webhooks**, and select **New Webhook**.
3. In the Add Webhooks page, enter the following settings:
- * **App type**: Select **SIEM** > **Splunk**, and enter the auth code you took note of the previous step.
- * **Target**: Enter the target URI of your Splunk instance. It will typically have the `https://:8088/services/collector` format. Refer to [Request formats](#request-formats) to learn more about how your Splunk subscription affects the URI.
- * For the dispositions (`MALICIOUS`, `SUSPICIOUS`, `SPOOF`, `SPAM`, `BULK`) choose which (if any) you want to send to the webhook. Sending `SPAM` and `BULK` dispositions will generate a high number of events.
+ - **App type**: Select **SIEM** > **Splunk**, and enter the auth code you took note of the previous step.
+ - **Target**: Enter the target URI of your Splunk instance. It will typically have the `https://:8088/services/collector` format. Refer to [Request formats](#request-formats) to learn more about how your Splunk subscription affects the URI.
+ - For the dispositions (`MALICIOUS`, `SUSPICIOUS`, `SPOOF`, `SPAM`, `BULK`) choose which (if any) you want to send to the webhook. Sending `SPAM` and `BULK` dispositions will generate a high number of events.
4. Select **Publish Webhook**.
Your Splunk integration will now show up in the All Webhooks panel.
-It will take about ten minutes or so for the configuration to fully propagate through the infrastructure of Email Security (formerly Area 1), and for events to start to appear in your searches. Once the configuration is propagated, events will start to appear in your instance of Splunk.
+It will take about ten minutes or so for the configuration to fully propagate through the infrastructure of Email security (formerly Area 1), and for events to start to appear in your searches. Once the configuration is propagated, events will start to appear in your instance of Splunk.
diff --git a/src/content/docs/email-security/reporting/siem-integration/sumo-logic-integration-guide.mdx b/src/content/docs/email-security/reporting/siem-integration/sumo-logic-integration-guide.mdx
index d1d2be07886d0d7..f657e996ec5df3e 100644
--- a/src/content/docs/email-security/reporting/siem-integration/sumo-logic-integration-guide.mdx
+++ b/src/content/docs/email-security/reporting/siem-integration/sumo-logic-integration-guide.mdx
@@ -4,14 +4,13 @@ pcx_content_type: integration-guide
reviewed: 2023-01-26
head: []
description: Sumo Logic integration guide
-
---
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip } from "~/components";
-When Email Security detects a phishing email, the metadata of the detection can be sent directly into your instance of Sumo Logic. This document outlines the steps required to integrate Email Security with Sumo Logic.
+When Email security detects a phishing email, the metadata of the detection can be sent directly into your instance of Sumo Logic. This document outlines the steps required to integrate Email security with Sumo Logic.
-
+
## 1. Configure the Sumologic Collector
@@ -28,10 +27,9 @@ When Email Security detects a phishingphishing **Alert Webhooks**, and select **New Webhook**.
3. In the Add Webhooks page, enter the following settings:
- * **App type**: Select **SIEM** > **Splunk**. In **Auth code**, enter `Sumologic`.
- * **Target**: Enter the HTTP endpoint you saved in the previous section.
- * For the dispositions (`MALICIOUS`, `SUSPICIOUS`, `SPOOF`, `SPAM`, `BULK`) choose which (if any) you want to send to the webhook. Sending `SPAM` and `BULK` dispositions will generate a high number of events.
+ - **App type**: Select **SIEM** > **Splunk**. In **Auth code**, enter `Sumologic`.
+ - **Target**: Enter the HTTP endpoint you saved in the previous section.
+ - For the dispositions (`MALICIOUS`, `SUSPICIOUS`, `SPOOF`, `SPAM`, `BULK`) choose which (if any) you want to send to the webhook. Sending `SPAM` and `BULK` dispositions will generate a high number of events.
4. Select **Publish Webhook**.
Your Sumo Logic integration will now show up in the All Webhooks panel.
-It will take about ten minutes for the configuration to fully propagate through the infrastructure of Email Security, and for events to start to appear in your searches. Once the configuration is propagated, events will start to appear in your instance of Sumo Logic.
+It will take about ten minutes for the configuration to fully propagate through the infrastructure of Email security, and for events to start to appear in your searches. Once the configuration is propagated, events will start to appear in your instance of Sumo Logic.
-To view logs, hover your mouse over the Email Security Collector, and select **Open in Log Search**.
+To view logs, hover your mouse over the Email security Collector, and select **Open in Log Search**.
-Once events start to flow, select **New** > **Log search** to search for the detection events with your search criteria (for example, `_collector="Email Security Collector"`).
+Once events start to flow, select **New** > **Log search** to search for the detection events with your search criteria (for example, `_collector="Email security Collector"`).
diff --git a/src/content/docs/email-security/reporting/statistics-overview.mdx b/src/content/docs/email-security/reporting/statistics-overview.mdx
index 373e13b1ac2b2d0..c6f1dc455bcd90f 100644
--- a/src/content/docs/email-security/reporting/statistics-overview.mdx
+++ b/src/content/docs/email-security/reporting/statistics-overview.mdx
@@ -4,23 +4,22 @@ pcx_content_type: how-to
head: []
description: Statistics overview allows you to have an at-a-glance overview of
emails processed and number of threats detected.
-
---
To access an overview of your account, total number of emails processed, a breakdown of types of threads detected, among other types of information:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/users/login).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/users/login).
2. Make sure you are in the Home section to review information regarding your account:
-| Field | Description |
-| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| **System stats** | - Status of Area 1’s services
- Uptime of Area 1’s services as well as any downtime
- Number of processed emails and attacks prevented
|
-| **Detection stats** | Statistics regarding the total number of detections made, and emails processed. |
-| **Retractions** | Shows the distribution of messages removed from your user's mailboxes. |
-| **Phish Submissions Stats** | Statistics regarding the number of phish emails submitted by your users and security operations center (SOC) |
-| **Threat Origins** | Top geographical threat origins to your organization. |
-| **Org Spoofs** | Shows attacks where names in envelopes differ from the header, as well as spoofed domains. |
-| **Domain Proximity** | List of domains similar to your own. |
-| **Malicious Threat Type** | Breakdown of malicious threat types. |
-| **Email Link Isolation** | How many email were processed by [Email Link Isolation](/email-security/email-configuration/email-policies/link-actions/#email-link-isolation). |
-| **Top BEC Targets** | What email addresses are the top targets on the [Business Email Compromise feature](/email-security/email-configuration/enhanced-detections/business-email-compromise/). |
+| Field | Description |
+| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| **System stats** | - Status of Area 1’s services
- Uptime of Area 1’s services as well as any downtime
- Number of processed emails and attacks prevented
|
+| **Detection stats** | Statistics regarding the total number of detections made, and emails processed. |
+| **Retractions** | Shows the distribution of messages removed from your user's mailboxes. |
+| **Phish Submissions Stats** | Statistics regarding the number of phish emails submitted by your users and security operations center (SOC) |
+| **Threat Origins** | Top geographical threat origins to your organization. |
+| **Org Spoofs** | Shows attacks where names in envelopes differ from the header, as well as spoofed domains. |
+| **Domain Proximity** | List of domains similar to your own. |
+| **Malicious Threat Type** | Breakdown of malicious threat types. |
+| **Email Link Isolation** | How many email were processed by [Email Link Isolation](/email-security/email-configuration/email-policies/link-actions/#email-link-isolation). |
+| **Top BEC Targets** | What email addresses are the top targets on the [Business Email Compromise feature](/email-security/email-configuration/enhanced-detections/business-email-compromise/). |
diff --git a/src/content/docs/email-security/reporting/types-malicious-detections.mdx b/src/content/docs/email-security/reporting/types-malicious-detections.mdx
index ebe4db46aace0e6..ee1a1ef7877ff99 100644
--- a/src/content/docs/email-security/reporting/types-malicious-detections.mdx
+++ b/src/content/docs/email-security/reporting/types-malicious-detections.mdx
@@ -4,22 +4,21 @@ pcx_content_type: how-to
head: []
description: Types of malicious detections shows you information related to the
number and types of malicious detections made on your account.
-
---
To review the number and type of malicious detections made on your account:
-1. Log in to the [Email Security dashboard](https://horizon.area1security.com/users/login).
+1. Log in to the [Email security dashboard](https://horizon.area1security.com/users/login).
2. Select the **Email** tab.
3. The **Overview** section will show you graphs with the total number of emails processed, as well as how many of those pertain to different threat categories - such as Malicious or Spam, among others. Refer to [Dispositions and attributes](/email-security/reference/dispositions-and-attributes/) for more information. Select **View Details**.
4. You will open the **Detections** page. This page breaks down the information regarding the various types of threats detected. You have access to:
-| Field | Description |
-| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Attachments** | - How many of the malicious emails received have an attachment.
- Of these, what are the top types of malicious files received (for example, PDF files).
|
-| **Senders** | - Total number of malicious senders, as well as a graph showing how they are distributed throughout the month.
- Top malicious domains.
|
-| **Targets** | Top email targets on the [BEC feature](/email-security/email-configuration/enhanced-detections/business-email-compromise/). |
-| **New domains** | - Total number of malicious domains registered in the past month.
- Most common top level malicious domains.
|
-| **Links** | - Total number of malicious links and their distribution throughout the month.
- Top threat types (for example, credential harvester).
|
-| **Threat types** | Top malicious threat types, and their percentage relatively to the total amount of threats received. |
-| **Threat origins** | A graph representing where in the world are your top threat origins. |
+| Field | Description |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Attachments** | - How many of the malicious emails received have an attachment.
- Of these, what are the top types of malicious files received (for example, PDF files).
|
+| **Senders** | - Total number of malicious senders, as well as a graph showing how they are distributed throughout the month.
- Top malicious domains.
|
+| **Targets** | Top email targets on the [BEC feature](/email-security/email-configuration/enhanced-detections/business-email-compromise/). |
+| **New domains** | - Total number of malicious domains registered in the past month.
- Most common top level malicious domains.
|
+| **Links** | - Total number of malicious links and their distribution throughout the month.
- Top threat types (for example, credential harvester).
|
+| **Threat types** | Top malicious threat types, and their percentage relatively to the total amount of threats received. |
+| **Threat origins** | A graph representing where in the world are your top threat origins. |
diff --git a/src/content/docs/fundamentals/manage-members/roles.mdx b/src/content/docs/fundamentals/manage-members/roles.mdx
index c110ee78207f7e1..55c2a895e33f550 100644
--- a/src/content/docs/fundamentals/manage-members/roles.mdx
+++ b/src/content/docs/fundamentals/manage-members/roles.mdx
@@ -28,23 +28,23 @@ Account-scoped roles apply across an entire Cloudflare account, and through all
| Cloudflare Access | Can edit [Cloudflare Access](/cloudflare-one/access-controls/policies/) and [Cloudflare Tunnel](/cloudflare-one/networks/connectors/cloudflare-tunnel/). |
| Cache Purge | Can purge the edge cache and allows the reading of zone settings. |
| Cloudflare DEX | Can edit [Cloudflare DEX](/cloudflare-one/insights/dex/). |
-| Cloudflare Gateway | Can edit [Cloudflare Gateway](/cloudflare-one/traffic-policies/) and read [Access](/cloudflare-one/integrations/identity-providers/). |
+| Cloudflare Gateway | Can edit [Cloudflare Gateway](/cloudflare-one/traffic-policies/) and read [Access](/cloudflare-one/integrations/identity-providers/). |
| Cloudflare Images | Can access [Cloudflare Images](/images/) data. |
| Cloudflare R2 Admin | Can edit Cloudflare [R2](/r2/) buckets, objects, and associated configurations. |
| Cloudflare R2 Read | Can read Cloudflare [R2](/r2/) buckets, objects, and associated configurations. |
| Cloudflare Stream | Can edit [Cloudflare Stream](/stream/) media. |
-| Cloudflare Zero Trust | Can edit [Cloudflare Zero Trust](/cloudflare-one/). Grants administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email Security. |
+| Cloudflare Zero Trust | Can edit [Cloudflare Zero Trust](/cloudflare-one/). Grants administrator access to all Zero Trust products including Access, Gateway, WARP, Tunnel, Browser Isolation, CASB, DLP, DEX, and Email security. |
| Cloudflare Zero Trust DNS Locations Write | Can view [Gateway DNS locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/#secure-dns-locations) and create and edit [secure DNS locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/#secure-dns-locations). |
| Cloudflare Zero Trust PII | Can access [Cloudflare Zero Trust](/cloudflare-one/) PII. |
| Cloudflare Zero Trust Read Only | Can access [Cloudflare Zero Trust](/cloudflare-one/) read only mode. |
| Cloudflare Zero Trust Reporting | Can access [Cloudflare Zero Trust](/cloudflare-one/) reporting data. |
| DNS | Can edit [DNS records](/dns/manage-dns-records/). |
-| Email Configuration Admin | Grants administrator access to Email Security. Cannot take actions on emails, or read emails. |
+| Email Configuration Admin | Grants administrator access to Email security. Cannot take actions on emails, or read emails. |
| Email Integration Admin | Grants read and write access to integrations only. |
-| Email Security Analyst | Grants analyst access. Can take action on emails and read emails. |
-| Email Security Read Only | Grants read only access to all of Email Security. |
-| Email Security Reporting | Grants read access to Email Security metrics. |
-| Email Security Policy Admin | Grants read access to all settings, and write access to [allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) |
+| Email security Analyst | Grants analyst access. Can take action on emails and read emails. |
+| Email security Read Only | Grants read only access to all of Email security. |
+| Email security Reporting | Grants read access to Email security metrics. |
+| Email security Policy Admin | Grants read access to all settings, and write access to [allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/), [trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/), and [blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) |
| Firewall | Can edit [WAF](/waf/), [IP Access rules](/waf/tools/ip-access-rules/), [Zone Lockdown](/waf/tools/zone-lockdown/) settings, and [Cache Rules](/cache/how-to/cache-rules/). |
| Load Balancer | Can edit [Load Balancers](/load-balancing/), Pools, Origins, and Health Checks. |
| Log Share | Can edit [Log Share](/logs/) configuration. |
diff --git a/src/content/docs/fundamentals/reference/policies-compliances/cybersafe.mdx b/src/content/docs/fundamentals/reference/policies-compliances/cybersafe.mdx
index e2cb88347ce7d8e..e503c2613164fcb 100644
--- a/src/content/docs/fundamentals/reference/policies-compliances/cybersafe.mdx
+++ b/src/content/docs/fundamentals/reference/policies-compliances/cybersafe.mdx
@@ -5,7 +5,7 @@ title: Project Cybersafe Schools
import { Render } from "~/components";
-Project Cybersafe Schools grants eligible schools with free access to Cloudflare's [Email Security](/email-security/) and [Gateway](/cloudflare-one/traffic-policies/) products.
+Project Cybersafe Schools grants eligible schools with free access to Cloudflare's [Email security](/email-security/) and [Gateway](/cloudflare-one/traffic-policies/) products.
## School Eligibility
diff --git a/src/content/docs/learning-paths/cybersafe/account-creation/create-cloudflare-account.mdx b/src/content/docs/learning-paths/cybersafe/account-creation/create-cloudflare-account.mdx
index c8e31f9e60f666b..2e503ce4a7dc030 100644
--- a/src/content/docs/learning-paths/cybersafe/account-creation/create-cloudflare-account.mdx
+++ b/src/content/docs/learning-paths/cybersafe/account-creation/create-cloudflare-account.mdx
@@ -3,7 +3,6 @@ title: Create a Cloudflare account
pcx_content_type: learning-unit
sidebar:
order: 1
-
---
To create a new Cloudflare account:
@@ -13,6 +12,6 @@ To create a new Cloudflare account:
2. To secure your account, enable [two-factor authentication](/fundamentals/user-profiles/2fa/).
3. After your account is accepted into the Cybersafe Schools program, you can to reach out to your Cloudflare contact and ask them to set up your account as a multi-user organization. This will allow you to define [role based access](/fundamentals/manage-members/roles/) controls. For this project, account members will need:
- * [**Gateway** permissions](/cloudflare-one/roles-permissions/) to read or edit DNS policies.
- * [**PII** permissions](/cloudflare-one/roles-permissions/#cloudflare-zero-trust-pii) to view user information in DNS logs.
- * [**Configuration** permissions](/email-security/account-setup/permissions/) for Area 1 Email Security.
+ - [**Gateway** permissions](/cloudflare-one/roles-permissions/) to read or edit DNS policies.
+ - [**PII** permissions](/cloudflare-one/roles-permissions/#cloudflare-zero-trust-pii) to view user information in DNS logs.
+ - [**Configuration** permissions](/email-security/account-setup/permissions/) for Area 1 Email security.
diff --git a/src/content/docs/learning-paths/cybersafe/account-creation/create-email-security-account.mdx b/src/content/docs/learning-paths/cybersafe/account-creation/create-email-security-account.mdx
index 94379ae241fc16f..f01e95d2da0338a 100644
--- a/src/content/docs/learning-paths/cybersafe/account-creation/create-email-security-account.mdx
+++ b/src/content/docs/learning-paths/cybersafe/account-creation/create-email-security-account.mdx
@@ -1,18 +1,17 @@
---
-title: Create an Email Security account
+title: Create an Email security account
pcx_content_type: learning-unit
sidebar:
order: 3
-
---
-To create your Email Security account, you will need the alphanumeric string on the URL when logged in to the Cloudflare dashboard.
+To create your Email security account, you will need the alphanumeric string on the URL when logged in to the Cloudflare dashboard.
-Once you have created your [Cloudflare account](/learning-paths/cybersafe/account-creation/create-cloudflare-account/), your account team will create an Email Security account for you.
+Once you have created your [Cloudflare account](/learning-paths/cybersafe/account-creation/create-cloudflare-account/), your account team will create an Email security account for you.
To establish your tenant, you will need the following information:
- Average monthly inbound message volume
- Number of active email users
- At least one domain
-- Admin email address
\ No newline at end of file
+- Admin email address
diff --git a/src/content/docs/learning-paths/cybersafe/concepts/cipa-overview.mdx b/src/content/docs/learning-paths/cybersafe/concepts/cipa-overview.mdx
index 3424077efa23016..310b5542f8cd1d7 100644
--- a/src/content/docs/learning-paths/cybersafe/concepts/cipa-overview.mdx
+++ b/src/content/docs/learning-paths/cybersafe/concepts/cipa-overview.mdx
@@ -3,12 +3,11 @@ title: Project Cybersafe Schools and CIPA
pcx_content_type: learning-unit
sidebar:
order: 2
-
---
-import { Render } from "~/components"
+import { Render } from "~/components";
-Project Cybersafe Schools (PCS) grants eligible schools free access to Cloudflare’s Email Security and Gateway products.
+Project Cybersafe Schools (PCS) grants eligible schools free access to Cloudflare’s Email security and Gateway products.
Like other under-resourced organizations, schools face cyber attacks from malicious actors that can impact schools’ ability to safely perform a basic function – teach children. Schools face email, phishing, and ransomware attacks that slow access and threaten leaks of confidential student data.
diff --git a/src/content/docs/learning-paths/cybersafe/concepts/what-is-email-security.mdx b/src/content/docs/learning-paths/cybersafe/concepts/what-is-email-security.mdx
index dd908a5a34d733a..289b44337456f93 100644
--- a/src/content/docs/learning-paths/cybersafe/concepts/what-is-email-security.mdx
+++ b/src/content/docs/learning-paths/cybersafe/concepts/what-is-email-security.mdx
@@ -1,13 +1,12 @@
---
-title: What is Email Security?
+title: What is Email security?
pcx_content_type: learning-unit
sidebar:
order: 5
-
---
-import { Render } from "~/components"
+import { Render } from "~/components";
Despite email's importance as a communication method, security and privacy were not built into the [The Simple Mail Transfer Protocol (SMTP) protocol](https://www.cloudflare.com/learning/email-security/what-is-smtp/). As a result, email is a major attack vector.
-Email security is the process of preventing [email-based](https://www.cloudflare.com/learning/email-security/what-is-email/) cyber attacks and unwanted communications. It spans protecting inboxes from takeover, protecting domains from [spoofing](https://www.cloudflare.com/learning/ssl/what-is-domain-spoofing/), stopping [phishing attacks](https://www.cloudflare.com/learning/access-management/phishing-attack/), preventing fraud, blocking [malware](https://www.cloudflare.com/learning/ddos/glossary/malware/) delivery, and filtering [spam](https://www.cloudflare.com/learning/email-security/how-to-stop-spam-emails/).
\ No newline at end of file
+Email security is the process of preventing [email-based](https://www.cloudflare.com/learning/email-security/what-is-email/) cyber attacks and unwanted communications. It spans protecting inboxes from takeover, protecting domains from [spoofing](https://www.cloudflare.com/learning/ssl/what-is-domain-spoofing/), stopping [phishing attacks](https://www.cloudflare.com/learning/access-management/phishing-attack/), preventing fraud, blocking [malware](https://www.cloudflare.com/learning/ddos/glossary/malware/) delivery, and filtering [spam](https://www.cloudflare.com/learning/email-security/how-to-stop-spam-emails/).
diff --git a/src/content/docs/learning-paths/cybersafe/email-security-onboarding/api-deployment.mdx b/src/content/docs/learning-paths/cybersafe/email-security-onboarding/api-deployment.mdx
index 1e180e369e84c8e..3b6956dc08a4265 100644
--- a/src/content/docs/learning-paths/cybersafe/email-security-onboarding/api-deployment.mdx
+++ b/src/content/docs/learning-paths/cybersafe/email-security-onboarding/api-deployment.mdx
@@ -3,17 +3,16 @@ title: Deploy via Microsoft Graph API
pcx_content_type: learning-unit
sidebar:
order: 2
-
---
-import { Render } from "~/components"
+import { Render } from "~/components";
-An API deployment model with Email Security has multiple benefits for Microsoft 365 Customers.
+An API deployment model with Email security has multiple benefits for Microsoft 365 Customers.
-The API deployment with Email Security offers:
+The API deployment with Email security offers:
- Easy protection for complex email architectures, without requiring any change to mail flow operations.
- Agentless deployment for Microsoft 365.
- Office 365 directory integration to retrieve user and group information and prevent user impersonation.
-
\ No newline at end of file
+
diff --git a/src/content/docs/learning-paths/cybersafe/email-security-onboarding/email-security-next-steps.mdx b/src/content/docs/learning-paths/cybersafe/email-security-onboarding/email-security-next-steps.mdx
index 2227f6a7c112a81..ba3812d1d9126dd 100644
--- a/src/content/docs/learning-paths/cybersafe/email-security-onboarding/email-security-next-steps.mdx
+++ b/src/content/docs/learning-paths/cybersafe/email-security-onboarding/email-security-next-steps.mdx
@@ -5,14 +5,14 @@ sidebar:
order: 4
---
-Now that you have learned how Email Security can protect your inbox from phishing attacks, refer to the following resources to onboard and enhance your email security posture:
+Now that you have learned how Email security can protect your inbox from phishing attacks, refer to the following resources to onboard and enhance your email security posture:
| Resource | Description |
| ------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Phish submissions](/cloudflare-one/email-security/settings/phish-submissions/) | As part of your continuous email security posture, administrators and security analysts need to submit missed phish samples so Cloudflare can process them and take necessary action. |
| [API integration](/cloudflare-one/email-security/setup/post-delivery-deployment/api/) | Onboard your domain via API deployment. |
| [Impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/) | The impersonation registry contains combinations of emails of users who are likely to be impersonated. |
-| [Trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/) | Trusted domains allows you to identify domains that should be exempted from Email Security detections. |
+| [Trusted domains](/cloudflare-one/email-security/settings/detection-settings/trusted-domains/) | Trusted domains allows you to identify domains that should be exempted from Email security detections. |
| [Allow policies](/cloudflare-one/email-security/settings/detection-settings/allow-policies/) | Allow policies exempt messages that match certain patterns from normal detection scanning. |
| [Blocked senders](/cloudflare-one/email-security/settings/detection-settings/blocked-senders/) | Blocked senders can mark all messages from specific senders with a `MALICIOUS` disposition. |
| [PhishGuard](/cloudflare-one/email-security/phishguard/) | PhishGuard is a managed email security service that provides resources for end-to-end phish and targeted attack management and response. |
diff --git a/src/content/docs/learning-paths/cybersafe/email-security-onboarding/index.mdx b/src/content/docs/learning-paths/cybersafe/email-security-onboarding/index.mdx
index d686dcd9629e83f..3f708ac776f5939 100644
--- a/src/content/docs/learning-paths/cybersafe/email-security-onboarding/index.mdx
+++ b/src/content/docs/learning-paths/cybersafe/email-security-onboarding/index.mdx
@@ -1,9 +1,8 @@
---
-title: Onboarding Email Security
+title: Onboarding Email security
pcx_content_type: overview
sidebar:
order: 3
-
---
Continue securing your environment by protecting against email phishing attacks.
diff --git a/src/content/docs/learning-paths/secure-o365-email/concepts/index.mdx b/src/content/docs/learning-paths/secure-o365-email/concepts/index.mdx
index 78a97779863bb33..46bfe409a1a62aa 100644
--- a/src/content/docs/learning-paths/secure-o365-email/concepts/index.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/concepts/index.mdx
@@ -5,12 +5,12 @@ sidebar:
order: 1
---
-Review the concepts behind Cloudflare's Email Security.
+Review the concepts behind Cloudflare's Email security.
## Objectives
By the end of this module, you will be able to:
-* Explain how Cloudflare works.
-* Describe what Email Security is.
-* Understand how Cloudflare prevents email-based phishing attacks.
\ No newline at end of file
+- Explain how Cloudflare works.
+- Describe what Email security is.
+- Understand how Cloudflare prevents email-based phishing attacks.
diff --git a/src/content/docs/learning-paths/secure-o365-email/concepts/prevent-phishing-attack.mdx b/src/content/docs/learning-paths/secure-o365-email/concepts/prevent-phishing-attack.mdx
index 5fba8cc5e8ca621..691556c473f0f82 100644
--- a/src/content/docs/learning-paths/secure-o365-email/concepts/prevent-phishing-attack.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/concepts/prevent-phishing-attack.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 5
---
-Cloudflare Email Security uses a variety of factors to determine whether a given email message attachment, URL, or specific network traffic is part of a phishing campaign.
+Cloudflare Email security uses a variety of factors to determine whether a given email message attachment, URL, or specific network traffic is part of a phishing campaign.
These small pattern assessments are dynamic in nature. Cloudflare's automated systems use a combination of factors to clearly distinguish between a valid phishing campaign and benign traffic.
@@ -17,4 +17,4 @@ In a BEC attack, the attacker falsifies an email message to trick the victim int
To detect these low volume, malicious emails that do not contain malware, malicious links or email attachments, Cloudflare analyzes the email thread, content, sentiment and context via message lexical analysis, subject analysis and sender analysis. Display names are also compared with known executive names for similarity using several matching models.
-Refer to [How we detect phish](/email-security/reference/how-we-detect-phish/#sample-attack-types-and-detections) to learn more about additional attack types and detections.
\ No newline at end of file
+Refer to [How we detect phish](/email-security/reference/how-we-detect-phish/#sample-attack-types-and-detections) to learn more about additional attack types and detections.
diff --git a/src/content/docs/learning-paths/secure-o365-email/concepts/protect-from-phishing-attacks.mdx b/src/content/docs/learning-paths/secure-o365-email/concepts/protect-from-phishing-attacks.mdx
index 1a47f83a3eab721..c64531b8dbb5be8 100644
--- a/src/content/docs/learning-paths/secure-o365-email/concepts/protect-from-phishing-attacks.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/concepts/protect-from-phishing-attacks.mdx
@@ -13,4 +13,4 @@ As organizations continue to adopt Microsoft 365 to enhance communication and co
Analysts agree that consolidating capabilities to minimize overlapping functionality is helping organizations reduce cost and complexity. However, they also advise organizations to carefully assess native features to ensure they satisfy all use cases. As Microsoft continues to build out its essential email security features, the growing overlap with SEGs has given organizations an opportunity to streamline security operations by leveraging capabilities already included in their E3 or E5 license.
-This shift enables organizations to eliminate complex and costly SEG deployments, redirecting a fraction of that budget to integrate lightweight solutions that effectively address the most dangerous phishing threats. Cloudflare Email Security provides an integrated, low-touch solution that augments Microsoft 365 using machine learning threat analysis to automate the detection of BEC and multi-channel attacks.
\ No newline at end of file
+This shift enables organizations to eliminate complex and costly SEG deployments, redirecting a fraction of that budget to integrate lightweight solutions that effectively address the most dangerous phishing threats. Cloudflare Email security provides an integrated, low-touch solution that augments Microsoft 365 using machine learning threat analysis to automate the detection of BEC and multi-channel attacks.
diff --git a/src/content/docs/learning-paths/secure-o365-email/concepts/what-is-email-security.mdx b/src/content/docs/learning-paths/secure-o365-email/concepts/what-is-email-security.mdx
index 904f8c50f9be43a..85345caef6e4ff9 100644
--- a/src/content/docs/learning-paths/secure-o365-email/concepts/what-is-email-security.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/concepts/what-is-email-security.mdx
@@ -1,5 +1,5 @@
---
-title: What is Email Security?
+title: What is Email security?
pcx_content_type: overview
sidebar:
order: 4
@@ -7,4 +7,4 @@ sidebar:
Despite email's importance as a communication method, security and privacy were not built into the [The Simple Mail Transfer Protocol (SMTP) protocol](https://www.cloudflare.com/learning/email-security/what-is-smtp/). As a result, email is a major attack vector.
-Email security is the process of preventing [email-based](https://www.cloudflare.com/learning/email-security/what-is-email/) cyber attacks and unwanted communications. It spans protecting inboxes from takeover, protecting domains from [spoofing](https://www.cloudflare.com/learning/ssl/what-is-domain-spoofing/), stopping [phishing attacks](https://www.cloudflare.com/learning/access-management/phishing-attack/), preventing fraud, blocking [malware](https://www.cloudflare.com/learning/ddos/glossary/malware/) delivery, and filtering [spam](https://www.cloudflare.com/learning/email-security/how-to-stop-spam-emails/).
\ No newline at end of file
+Email security is the process of preventing [email-based](https://www.cloudflare.com/learning/email-security/what-is-email/) cyber attacks and unwanted communications. It spans protecting inboxes from takeover, protecting domains from [spoofing](https://www.cloudflare.com/learning/ssl/what-is-domain-spoofing/), stopping [phishing attacks](https://www.cloudflare.com/learning/access-management/phishing-attack/), preventing fraud, blocking [malware](https://www.cloudflare.com/learning/ddos/glossary/malware/) delivery, and filtering [spam](https://www.cloudflare.com/learning/email-security/how-to-stop-spam-emails/).
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/active-directory-sync.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/active-directory-sync.mdx
index dcdc5e415c8b461..cae02d5b8af1be5 100644
--- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/active-directory-sync.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/active-directory-sync.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 2
---
-Directories are folders to store user data. Email Security allows you to manage directories from the Cloudflare dashboard.
+Directories are folders to store user data. Email security allows you to manage directories from the Cloudflare dashboard.
To manage a Microsoft directory:
@@ -15,7 +15,7 @@ To manage a Microsoft directory:
4. Under **Directory name**, select **MS directory**.
5. From here, you can manage **Groups** or **Users** directories.
-Email Security allows you to view and manage your groups directory and their [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/).
+Email security allows you to view and manage your groups directory and their [impersonation registry](/cloudflare-one/email-security/settings/detection-settings/impersonation-registry/).
When a group is added to the registry, all members are registered by default.
To manage your group directory, on the **MS directory** page, select **Groups**.
@@ -31,7 +31,7 @@ To add multiple groups to the registry at once:
2. Select the **Action** dropdown list.
3. Select **Add to registry**.
-In addition, Email Security allows you to:
+In addition, Email security allows you to:
- [Remove groups from the registry](/cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory/#remove-groups-from-registry).
- [Filter the impersonation registry](/cloudflare-one/email-security/directories/manage-integrated-directories/manage-groups-directory/#filter-impersonation-registry).
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/audit-logs.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/audit-logs.mdx
index 30b8ad44c32e6bc..72497bda44a53bb 100644
--- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/audit-logs.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/audit-logs.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 6
---
-With Email Security, you can enable logs to review actions performed on your account.
+With Email security, you can enable logs to review actions performed on your account.
To enable audit logs:
@@ -13,9 +13,11 @@ To enable audit logs:
2. Select **Analytics & Logs** > **Logpush**.
3. Select **Audit logs**.
4. Under **Configure logpush job**:
- - **Job name**: Enter the job name.
- - **If logs match**: Select Filtered logs:
- - **Field**: Choose `ResourceType`.
- - **Operator**: Choose `starts with`.
- - **Value**: Enter `email_security`.
-5. Select **Submit**.
\ No newline at end of file
+
+- **Job name**: Enter the job name.
+- **If logs match**: Select Filtered logs:
+ - **Field**: Choose `ResourceType`.
+ - **Operator**: Choose `starts with`.
+ - **Value**: Enter `email_security`.
+
+5. Select **Submit**.
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/create-allow-policies.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/create-allow-policies.mdx
index 8c6dd028f237966..273d91973b96f8c 100644
--- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/create-allow-policies.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/create-allow-policies.mdx
@@ -5,12 +5,12 @@ sidebar:
order: 3
---
-Email Security allows you to configure allow policies. An allow policy exempts messages that match certain patterns from normal detection scanning.
+Email security allows you to configure allow policies. An allow policy exempts messages that match certain patterns from normal detection scanning.
-You can choose how Email Security will handle messages that match your criteria:
+You can choose how Email security will handle messages that match your criteria:
-- **Trusted Sender**: Messages will bypass all [detections](/cloudflare-one/email-security/reference/dispositions-and-attributes/) and link following. Typically, it only applies to phishing simulations from vendors such as KnowBe4. Many emails contain links in them. Some of these could be links to surveys, phishing simulations and other trackable links. By marking a message as a Trusted Sender, Email Security will not scan any attachments from the sender and will not attempt to open the links in the emails.
-- **Exempt Recipient**: Messages will be exempt from all Email Security [detections](/cloudflare-one/email-security/reference/dispositions-and-attributes/) intended for recipients matching this pattern (email address or regular expression only). Typically, this only applies to submission mailboxes for user reporting to security.
+- **Trusted Sender**: Messages will bypass all [detections](/cloudflare-one/email-security/reference/dispositions-and-attributes/) and link following. Typically, it only applies to phishing simulations from vendors such as KnowBe4. Many emails contain links in them. Some of these could be links to surveys, phishing simulations and other trackable links. By marking a message as a Trusted Sender, Email security will not scan any attachments from the sender and will not attempt to open the links in the emails.
+- **Exempt Recipient**: Messages will be exempt from all Email security [detections](/cloudflare-one/email-security/reference/dispositions-and-attributes/) intended for recipients matching this pattern (email address or regular expression only). Typically, this only applies to submission mailboxes for user reporting to security.
- **Accept Sender**: Messages will exempt messages from the `SPAM`, `SPOOF`, and `BULK` [dispositions](/cloudflare-one/email-security/reference/dispositions-and-attributes/) (but not `MALICIOUS` or `SUSPICIOUS`). Commonly used for external domains and sources that send mail on behalf of your organization, such as marketing emails or internal tools.
## Configure allow policies
@@ -18,22 +18,22 @@ You can choose how Email Security will handle messages that match your criteria:
To configure allow policies:
1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
-2. Select **Email Security**.
+2. Select **Email security**.
3. Select **Settings**, then go to **Detection settings** > **Allow policies**.
4. On the **Detection settings** page, select **Add a policy**.
5. On the **Add an allow policy** page, enter the policy information:
- - **Input method**: Choose between **Manual input**, and **Uploading an allow policy**:
- - **Manual input**:
- - **Action**: Select one of the following to choose how Email Security will handle messages that match your criteria:
- - **Trust sender**: Messages will bypass all detections and link following.
- - **Exempt recipient**: Message to this recipient will bypass all detections.
- - **Accept sender**: Messages from this sender will be exempted from Spam, Spoof, and Bulk dispositions.
- - **Rule type**: Specify the scope of your policy. Choose one of the following:
- - **Email addresses**: Must be a valid email.
- - **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries.
- - **Domains**: Must be a valid domain.
- - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email.
- - **(Recommended) Sender verification**: This option enforces DMARC, SPF, or DKIM authentication. If you choose to enable this option, Email Security will only honor policies that pass authentication.
- - **Notes**: Provide additional information about your allow policy.
- - **Uploading an allow policy**: Upload a file no larger than 150 KB. The file can only contain `Pattern`, `Notes`, `Verify Email`, `Trusted Sender`, `Exempt Recipient`, and `Acceptable Sender` fields. The first row must be a header row.
-6. Select **Save**.
\ No newline at end of file
+ - **Input method**: Choose between **Manual input**, and **Uploading an allow policy**:
+ - **Manual input**:
+ - **Action**: Select one of the following to choose how Email security will handle messages that match your criteria:
+ - **Trust sender**: Messages will bypass all detections and link following.
+ - **Exempt recipient**: Message to this recipient will bypass all detections.
+ - **Accept sender**: Messages from this sender will be exempted from Spam, Spoof, and Bulk dispositions.
+ - **Rule type**: Specify the scope of your policy. Choose one of the following:
+ - **Email addresses**: Must be a valid email.
+ - **IP addresses**: Can only be IPv4. IPv6 and CIDR are invalid entries.
+ - **Domains**: Must be a valid domain.
+ - **Regular expressions**: Must be valid Java expressions. Regular expressions are matched with fields related to the sender email address (envelope from, header from, reply-to), the originating IP address, and the server name for the email.
+ - **(Recommended) Sender verification**: This option enforces DMARC, SPF, or DKIM authentication. If you choose to enable this option, Email security will only honor policies that pass authentication.
+ - **Notes**: Provide additional information about your allow policy.
+ - **Uploading an allow policy**: Upload a file no larger than 150 KB. The file can only contain `Pattern`, `Notes`, `Verify Email`, `Trusted Sender`, `Exempt Recipient`, and `Acceptable Sender` fields. The first row must be a header row.
+6. Select **Save**.
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/impersonation-registry.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/impersonation-registry.mdx
index d2eb18dbf8e6ae7..7e5833b3f7d9506 100644
--- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/impersonation-registry.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/impersonation-registry.mdx
@@ -7,12 +7,12 @@ sidebar:
Attackers often try to impersonate executives within an organization when sending malicious emails (with requests about banking information, trade secrets, and more), which is known as a [Business Email Compromise (BEC)](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/) attack.
-The impersonation registry protects against these attacks by looking for spoofs of known key users in an organization. Information about key users you either synced with your directory or entered manually in the dashboard is used by Email Security to run enhanced scan techniques and find these spoofed emails.
+The impersonation registry protects against these attacks by looking for spoofs of known key users in an organization. Information about key users you either synced with your directory or entered manually in the dashboard is used by Email security to run enhanced scan techniques and find these spoofed emails.
To add a user to the impersonation registry:
1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
-2. Select **Email Security**.
+2. Select **Email security**.
3. Select **Settings** > **Impersonation registry**.
4. Select **Add a user**.
5. Select **Input method**: Choose between **Manual input**, **Upload manual list**, and **Select from existing directories**:
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/index.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/index.mdx
index a4de6e0f487533b..2d5aa86ed6d7248 100644
--- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/index.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/index.mdx
@@ -1,10 +1,10 @@
---
-title: Configure Email Security
+title: Configure Email security
pcx_content_type: overview
sidebar:
order: 3
---
-With Email Security, there is limited manual configuration and tuning. The Active Directory sync, allow policies, and additional detections are important to consider when you set up Email Security.
+With Email security, there is limited manual configuration and tuning. The Active Directory sync, allow policies, and additional detections are important to consider when you set up Email security.
-In this module, you will configure your email environment.
\ No newline at end of file
+In this module, you will configure your email environment.
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/report-phish.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/report-phish.mdx
index b9c254825300b6b..620ebb77f4812ba 100644
--- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/report-phish.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/report-phish.mdx
@@ -5,9 +5,9 @@ sidebar:
order: 5
---
-Before deploying Email Security to production, you will have to consider reporting any phishing attacks, evaluating which disposition to assign a specific message, and using different screen criteria to search through your inbox.
+Before deploying Email security to production, you will have to consider reporting any phishing attacks, evaluating which disposition to assign a specific message, and using different screen criteria to search through your inbox.
-PhishNet is an add-in button that helps users to submit phish samples missed by Email Security detection.
+PhishNet is an add-in button that helps users to submit phish samples missed by Email security detection.
To set up PhishNet O365:
@@ -18,4 +18,5 @@ To set up PhishNet O365:
```txt
https://phishnet-o365.area1cloudflare-webapps.workers.dev?clientId=ODcxNDA0MjMyNDM3NTA4NjQwNDk1Mzc3MDIxNzE0OTcxNTg0Njk5NDEyOTE2NDU5ODQyNjU5NzYzNjYyNDQ3NjEwMzIxODEyMDk1NQ
```
-4. Verify and complete the wizard.
\ No newline at end of file
+
+4. Verify and complete the wizard.
diff --git a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx
index 17ae4253e32168e..3007ab7939026ea 100644
--- a/src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/configure-email-security/set-additional-detections.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 4
---
-Email Security allows you to configure the following additional detections:
+Email security allows you to configure the following additional detections:
- [Domain age](/cloudflare-one/email-security/settings/detection-settings/additional-detections/#configure-domain-age)
- [Blank email detection](/cloudflare-one/email-security/settings/detection-settings/additional-detections/#configure-blank-email-detection)
@@ -15,7 +15,7 @@ Email Security allows you to configure the following additional detections:
To configure additional detections:
1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
-2. Select **Email Security**.
+2. Select **Email security**.
3. Select **Settings**.
4. On the Settings page, go to **Detection settings** > **Additional detections**, and select **Edit**.
diff --git a/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/configure-auto-moves.mdx b/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/configure-auto-moves.mdx
index 19ff3c47a24a030..18f0cbcec6fb445 100644
--- a/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/configure-auto-moves.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/configure-auto-moves.mdx
@@ -13,12 +13,12 @@ To configure auto-move events:
4. Select **Moves**.
5. Under **Auto-moves**, select **Configure**.
6. Assign actions based on malicious, spoof, suspicious, spam, and bulk dispositions. Select among:
- - **Soft delete - user recoverable**: Moves the message to the user's **Recoverable Items - Deleted** folder. Messages can be recovered by the user.
- - **Hard delete - admin recoverable**: Completely deletes messages from a user's inbox.
- - **Move to trash**: Moves messages to the trash or deleted items email folder.
- - **Move to junk**: Moves the message to the junk or spam folder.
- - **No action**: Messages stay in the origin folder.
+ - **Soft delete - user recoverable**: Moves the message to the user's **Recoverable Items - Deleted** folder. Messages can be recovered by the user.
+ - **Hard delete - admin recoverable**: Completely deletes messages from a user's inbox.
+ - **Move to trash**: Moves messages to the trash or deleted items email folder.
+ - **Move to junk**: Moves the message to the junk or spam folder.
+ - **No action**: Messages stay in the origin folder.
7. Select **Post-delivery** moves:
- - **(Recommended) Post-delivery response**: Enabling this option allows Email Security to rescan delivered emails at multiple time intervals for previously unknown phishing sites or campaigns.
- - **(Recommended) Phish submission response**: Enabling this option allows Email Security to move emails that your users reported as phishing and Email Security determined to be malicious.
-8. Select **Save**.
\ No newline at end of file
+ - **(Recommended) Post-delivery response**: Enabling this option allows Email security to rescan delivered emails at multiple time intervals for previously unknown phishing sites or campaigns.
+ - **(Recommended) Phish submission response**: Enabling this option allows Email security to move emails that your users reported as phishing and Email security determined to be malicious.
+8. Select **Save**.
diff --git a/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/email-dispositions.mdx b/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/email-dispositions.mdx
index 9daa8645f1f216e..390c233d8d94060 100644
--- a/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/email-dispositions.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/email-dispositions.mdx
@@ -7,6 +7,6 @@ sidebar:
import { Render } from "~/components";
-Email Security returns five potential verdicts for every email it scans. Review the detections and consider how you would treat them once an auto-move is enabled. Below is an overview of the disposition and recommendation actions by Cloudflare:
+Email security returns five potential verdicts for every email it scans. Review the detections and consider how you would treat them once an auto-move is enabled. Below is an overview of the disposition and recommendation actions by Cloudflare:
diff --git a/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/index.mdx b/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/index.mdx
index 771d374410658ed..69c1f266451d216 100644
--- a/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/index.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/enable-auto-moves/index.mdx
@@ -11,8 +11,8 @@ Now that you have set up your email environment, you can enable auto-move events
Ensure you have completed the previous modules before enabling auto-moves.
:::
-Auto-move events are events where emails are automatically moved to different inboxes based on the disposition assigned to them by Email Security.
+Auto-move events are events where emails are automatically moved to different inboxes based on the disposition assigned to them by Email security.
When you set up auto-moves, you can move messages manually or set up automatic moves to send messages matching certain [dispositions](/learning-paths/secure-o365-email/enable-auto-moves/email-dispositions/) to specific folders within a user's mailbox.
-You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email Security. Scanned emails that were previously delivered and now match this new phishing information will be moved.
\ No newline at end of file
+You can also enable Post Delivery Response and Phish Submission Response to re-evaluate messages previously delivered against new information gathered by Email security. Scanned emails that were previously delivered and now match this new phishing information will be moved.
diff --git a/src/content/docs/learning-paths/secure-o365-email/get-started/create-email-security-account.mdx b/src/content/docs/learning-paths/secure-o365-email/get-started/create-email-security-account.mdx
index bc7e43c74859fad..8e3e820926146e3 100644
--- a/src/content/docs/learning-paths/secure-o365-email/get-started/create-email-security-account.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/get-started/create-email-security-account.mdx
@@ -1,19 +1,19 @@
---
-title: Create an Email Security account
+title: Create an Email security account
pcx_content_type: overview
sidebar:
order: 3
---
-To create your Email Security account, you will need the alphanumeric string on the URL when logged in to the Cloudflare dashboard.
+To create your Email security account, you will need the alphanumeric string on the URL when logged in to the Cloudflare dashboard.
If you do not have a Cloudflare account, you can create one for free by referring to the [Cloudflare sign-up page](https://dash.cloudflare.com/sign-up).
-Once you have created your account, your account team will create an Email Security account for you.
+Once you have created your account, your account team will create an Email security account for you.
To establish your tenant, you will need the following information:
- Average monthly inbound message volume
- Number of active email users
- At least one domain
-- Admin email address
\ No newline at end of file
+- Admin email address
diff --git a/src/content/docs/learning-paths/secure-o365-email/get-started/deployment-models.mdx b/src/content/docs/learning-paths/secure-o365-email/get-started/deployment-models.mdx
index 93e67e4077b81e7..b0ea7fd86fc4064 100644
--- a/src/content/docs/learning-paths/secure-o365-email/get-started/deployment-models.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/get-started/deployment-models.mdx
@@ -5,8 +5,8 @@ sidebar:
order: 4
---
-While there are multiple deployment methods, the easiest way to get started with Email Security is via the API deployment method.
+While there are multiple deployment methods, the easiest way to get started with Email security is via the API deployment method.
-When you choose the [API deployment](/cloudflare-one/email-security/setup/post-delivery-deployment/api/), Email Security can both scan and take actions on emails after they have reached a user's inbox.
+When you choose the [API deployment](/cloudflare-one/email-security/setup/post-delivery-deployment/api/), Email security can both scan and take actions on emails after they have reached a user's inbox.
-With a [Journaling setup](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling/) alone without API integration, Email Security can only scan emails after it has reached a user's inbox.
\ No newline at end of file
+With a [Journaling setup](/cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling/) alone without API integration, Email security can only scan emails after it has reached a user's inbox.
diff --git a/src/content/docs/learning-paths/secure-o365-email/get-started/index.mdx b/src/content/docs/learning-paths/secure-o365-email/get-started/index.mdx
index c91a9cbe5b24be9..935e358f3e34fc5 100644
--- a/src/content/docs/learning-paths/secure-o365-email/get-started/index.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/get-started/index.mdx
@@ -1,14 +1,14 @@
---
-title: Get started with Email Security
+title: Get started with Email security
pcx_content_type: overview
sidebar:
order: 1
---
-In this learning path, you will learn how to protect your organization from phishing attacks with Email Security.
+In this learning path, you will learn how to protect your organization from phishing attacks with Email security.
Your users will experience a reduction in spam and phishing emails, and have simple ways to report any suspicious activity.
-Administrators will be able to review detections and phishing trends that target their organization without having to tune Email Security.
+Administrators will be able to review detections and phishing trends that target their organization without having to tune Email security.
-This module will kickstart your email flow.
\ No newline at end of file
+This module will kickstart your email flow.
diff --git a/src/content/docs/learning-paths/secure-o365-email/get-started/initial-login.mdx b/src/content/docs/learning-paths/secure-o365-email/get-started/initial-login.mdx
index 2c5997161ab2ccb..ed495e0340285b9 100644
--- a/src/content/docs/learning-paths/secure-o365-email/get-started/initial-login.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/get-started/initial-login.mdx
@@ -5,6 +5,6 @@ sidebar:
order: 3
---
-Once your tenant is created by your account team, you will receive an email that grants you access to the Email Security platform.
+Once your tenant is created by your account team, you will receive an email that grants you access to the Email security platform.
-Multi-factor authentication is required, so you will need an authenticator tool to set up your second factor prior to gaining access. Scan the QR code, set up your second factor, create a new password, and enter the Email Security portal.
\ No newline at end of file
+Multi-factor authentication is required, so you will need an authenticator tool to set up your second factor prior to gaining access. Scan the QR code, set up your second factor, create a new password, and enter the Email security portal.
diff --git a/src/content/docs/learning-paths/secure-o365-email/get-started/recommended-deployment-model.mdx b/src/content/docs/learning-paths/secure-o365-email/get-started/recommended-deployment-model.mdx
index ba96d0cb0358e3b..1029e08f98a9b79 100644
--- a/src/content/docs/learning-paths/secure-o365-email/get-started/recommended-deployment-model.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/get-started/recommended-deployment-model.mdx
@@ -5,12 +5,12 @@ sidebar:
order: 5
---
-An API deployment model with Email Security has multiple benefits for Microsoft 365 Customers.
+An API deployment model with Email security has multiple benefits for Microsoft 365 Customers.
-The API deployment with Email Security offers:
+The API deployment with Email security offers:
- Easy protection for complex email architectures, without requiring any change to mail flow operations.
- Agentless deployment for Microsoft 365.
- Office 365 directory integration to retrieve user and group information and prevent user impersonation.
-
\ No newline at end of file
+
diff --git a/src/content/docs/learning-paths/secure-o365-email/get-started/setup-ms-graph-api.mdx b/src/content/docs/learning-paths/secure-o365-email/get-started/setup-ms-graph-api.mdx
index 0568401a29c5895..77e9a66a09b5ba4 100644
--- a/src/content/docs/learning-paths/secure-o365-email/get-started/setup-ms-graph-api.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/get-started/setup-ms-graph-api.mdx
@@ -6,14 +6,14 @@ sidebar:
---
1. Log in to [Zero Trust](https://one.dash.cloudflare.com/).
-2. Select **Email Security**.
+2. Select **Email security**.
3. Select **Monitoring**.
4. Enable **Microsoft Integration**:
- 1. **Name integration**: Add your integration name, then select **Continue**.
- 2. **Authorize integration**:
- - Select **Authorize**. Selecting **Authorize** will take you to the Microsoft Sign in page where you will have to enter your email address.
- - Once you enter your email address, select **Next**.
- - After selecting **Next**, the system will show a dialog box with a list of requested permissions. Select **Accept** to authorize Email Security. Upon authorization, you will be redirected to a page where you can review details and enroll integration.
- 3. **Review details**: Review your integration details, then:
- - Select **Complete Email Security set up** where you will be able to connect your domains and configure auto-moves.
- - Select **Continue to Email Security**.
\ No newline at end of file
+ 1. **Name integration**: Add your integration name, then select **Continue**.
+ 2. **Authorize integration**:
+ - Select **Authorize**. Selecting **Authorize** will take you to the Microsoft Sign in page where you will have to enter your email address.
+ - Once you enter your email address, select **Next**.
+ - After selecting **Next**, the system will show a dialog box with a list of requested permissions. Select **Accept** to authorize Email security. Upon authorization, you will be redirected to a page where you can review details and enroll integration.
+ 3. **Review details**: Review your integration details, then:
+ - Select **Complete Email security set up** where you will be able to connect your domains and configure auto-moves.
+ - Select **Continue to Email security**.
diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx
index aa9b07bc2ffc08d..1b43eb8f27a9f02 100644
--- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/index.mdx
@@ -8,9 +8,9 @@ sidebar:
To access an overview of your account, the total number of emails processed, a breakdown of types of threads detected, and other useful information:
1. Log in to [Zero Trust.](https://one.dash.cloudflare.com/)
-2. Select **Email Security**.
+2. Select **Email security**.
-Under **Email Security**, select **Monitoring**.
+Under **Email security**, select **Monitoring**.
The dashboard will display the following metrics:
diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx
index e901a8619484cc1..5a06c7e7c4d681e 100644
--- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/monitor-detections.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 2
---
-Spam and Malicious emails are blocked outright by Email Security, but Suspicious and Spoof dispositions should be monitored. Suspicious messages should be investigated by a security analyst to determine the legitimacy of the message.
+Spam and Malicious emails are blocked outright by Email security, but Suspicious and Spoof dispositions should be monitored. Suspicious messages should be investigated by a security analyst to determine the legitimacy of the message.
[PhishGuard](/cloudflare-one/email-security/phishguard/) (Cloudflare's managed email security service) can review these messages for you and move them from the end user inbox if they are deemed malicious.
@@ -18,9 +18,9 @@ In most cases, a Spoof disposition is triggered by a legitimate third-party mail
## Search email messages
-Email Security offers a variety of ways for you to better examine and understand your message traffic:
+Email security offers a variety of ways for you to better examine and understand your message traffic:
-You can search for emails that have been processed by Email Security, whether they are marked with a [detection disposition](/email-security/reference/dispositions-and-attributes/) or not.
+You can search for emails that have been processed by Email security, whether they are marked with a [detection disposition](/email-security/reference/dispositions-and-attributes/) or not.
There are three ways for searching emails:
@@ -32,4 +32,4 @@ Additional information on search can be found on the [Screen criteria](/cloudfla
### Export messages
-With Email Security, you can export messages to a CSV file. Via the dashboard, you can export up to 1,000 rows. If you want to export all messages, you can use the [API](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/).
+With Email security, you can export messages to a CSV file. Via the dashboard, you can export up to 1,000 rows. If you want to export all messages, you can use the [API](https://developers.cloudflare.com/api/resources/email_security/subresources/investigate/methods/get/).
diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx
index 9755a0a4f8f84a4..ee2c42ce1405ab2 100644
--- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phish-submissions.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 3
---
-While Email Security offers industry leading detection efficacy due to Cloudflare's Threat Intelligence, Preemptive Threat Hunting (actor and campaign infrastructure hunting with 8B, plus campaign threat signals assessed every day) and ML-Based Detection Models (Trust Graphs Computer Vision, Sentiment/Thread/Structural Analysis, Industry/Natural Language Understanding Modeling) false negatives and false positive can occur.
+While Email security offers industry leading detection efficacy due to Cloudflare's Threat Intelligence, Preemptive Threat Hunting (actor and campaign infrastructure hunting with 8B, plus campaign threat signals assessed every day) and ML-Based Detection Models (Trust Graphs Computer Vision, Sentiment/Thread/Structural Analysis, Industry/Natural Language Understanding Modeling) false negatives and false positive can occur.
There are two different ways to [submit a phish](/cloudflare-one/email-security/settings/phish-submissions/) sample:
@@ -13,5 +13,5 @@ There are two different ways to [submit a phish](/cloudflare-one/email-security/
- Submitted directly by the end user, and used with phish submission buttons. To learn more about user-submitted phish, refer to [PhishNet for Microsoft O365](/cloudflare-one/email-security/settings/phish-submissions/#phishnet-o365).
- User submissions can create another challenge for your organization. While it is important for end users to be vigilant and report what they believe may be a phishing email, they are often wrong. About 90% of the time, when an end user reports a missed phishing email, they are mistaken. This puts an extra burden on busy security teams as they sift through end user reports. The PhishGuard team at Cloudflare can solve this problem for your organization by reviewing end user submissions for you.
- Admin submission:
- - To be used when IT administrators or security teams submit to Email Security. Submit original phish samples as an attachment in EML format to the appropriate team submission address.
- - Within the Email Security dashboard, Phish submissions will allow you to have a full understanding of what reclassification has been made and what the outcomes of those submissions are.
+ - To be used when IT administrators or security teams submit to Email security. Submit original phish samples as an attachment in EML format to the appropriate team submission address.
+ - Within the Email security dashboard, Phish submissions will allow you to have a full understanding of what reclassification has been made and what the outcomes of those submissions are.
diff --git a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx
index 9fdcbe8d5e05f5a..fc0e1110ed32eac 100644
--- a/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx
+++ b/src/content/docs/learning-paths/secure-o365-email/monitor-your-inbox/phishguard.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 5
---
-[PhishGuard](/cloudflare-one/email-security/phishguard/) serves as an extension of your Security Operations team with dedicated Email Security technical resources providing real-time monitoring of your email environment. The Active Defense Service provides:
+[PhishGuard](/cloudflare-one/email-security/phishguard/) serves as an extension of your Security Operations team with dedicated Email security technical resources providing real-time monitoring of your email environment. The Active Defense Service provides:
- Customized notification and responses for fraud and insider threats.
- Reclassification of messages if the disposition is incorrect.
@@ -16,7 +16,7 @@ sidebar:
As a PhishGuard customer, the following service offerings should be enabled:
-- Escalation contacts must be configured in the Email Security dashboard: This allows for email reports to be delivered regarding high risk items identified and responded to by the team.
+- Escalation contacts must be configured in the Email security dashboard: This allows for email reports to be delivered regarding high risk items identified and responded to by the team.
- Auto-moves should be enabled and configured for quarantine of identified items: Malicious should be prioritized, but configuring Spam for a move to junk/trash or even soft delete may also be highly useful to the client.
Refer to the [PhishGuard](/cloudflare-one/email-security/phishguard/) documentation to learn more about this add-on service.
diff --git a/src/content/docs/logs/logpush/logpush-job/datasets/account/email_security_alerts.md b/src/content/docs/logs/logpush/logpush-job/datasets/account/email_security_alerts.md
index 0a5e1559a1a0aa4..113732684f19603 100644
--- a/src/content/docs/logs/logpush/logpush-job/datasets/account/email_security_alerts.md
+++ b/src/content/docs/logs/logpush/logpush-job/datasets/account/email_security_alerts.md
@@ -1,7 +1,7 @@
---
# Code generator. DO NOT EDIT.
-title: Email Security Alerts
+title: Email security Alerts
pcx_content_type: configuration
sidebar:
order: 21
@@ -13,7 +13,7 @@ The descriptions below detail the fields available for `email_security_alerts`.
Type: `string`
-The canonical ID for an Email Security Alert (for example, '4WtWkr6nlBz9sNH-2024-08-28T15:32:35').
+The canonical ID for an Email security Alert (for example, '4WtWkr6nlBz9sNH-2024-08-28T15:32:35').
## AlertReasons
@@ -67,7 +67,7 @@ List of links detected in this message, benign or otherwise; limited to 100 in t
Type: `string`
-The message's mode of transport to Email Security.
Possible values are unset \| api \| direct \| bcc \| journal \| retroScan.
+The message's mode of transport to Email security.
Possible values are unset \| api \| direct \| bcc \| journal \| retroScan.
## MessageID
@@ -85,7 +85,7 @@ The origin of the message.
Possible values are unset \| inter
Type: `string`
-The original sender address as determined by Email Security mail processing (for example, 'firstlast@cloudflare.com').
+The original sender address as determined by Email security mail processing (for example, 'firstlast@cloudflare.com').
## ReplyTo
@@ -151,7 +151,7 @@ Value of the Subject header provided by the sender.
Type: `array[string]`
-Threat categories attributed by Email Security processing (for example, 'CredentialHarvester', 'Dropper').
+Threat categories attributed by Email security processing (for example, 'CredentialHarvester', 'Dropper').
## Timestamp
diff --git a/src/content/docs/reference-architecture/architectures/cloudflare-sase-with-microsoft.mdx b/src/content/docs/reference-architecture/architectures/cloudflare-sase-with-microsoft.mdx
index 05ed9d96cda4d15..355ccd250e3ea5a 100644
--- a/src/content/docs/reference-architecture/architectures/cloudflare-sase-with-microsoft.mdx
+++ b/src/content/docs/reference-architecture/architectures/cloudflare-sase-with-microsoft.mdx
@@ -51,7 +51,7 @@ Microsoft and Cloudflare can be integrated in the following ways.
- Leveraging Microsoft [Intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune) device posture in Cloudflare policies to ensure only managed, trusted devices have access to protected resources
- Using Cloudflare [CASB](/cloudflare-one/integrations/cloud-and-saas/) to inspect your [Microsoft 365](https://www.microsoft.com/en-us/microsoft-365/what-is-microsoft-365) tenants and alert on security findings for incorrectly configured accounts and shared files containing sensitive data
- Using Cloudflare's [Secure Web Gateway](/cloudflare-one/traffic-policies/) to control access to Microsoft SaaS applications such as Outlook, OneDrive and Teams
-- Using Cloudflare's [Email Security](/email-security/) service to increase protection of email from phishing attacks and business email compromise.
+- Using Cloudflare's [Email security](/email-security/) service to increase protection of email from phishing attacks and business email compromise.
### Microsoft Entra ID with Cloudflare
@@ -92,7 +92,7 @@ Cloudflare's Secure Web Gateway (SWG) can help organizations achieve safe and se
By leveraging Cloudflare SWG as a secure gateway for Microsoft 365 access, organizations can benefit from advanced threat protection, granular access controls, traffic inspection, and centralized visibility, ensuring a safe and secure experience for their users while mitigating risks and maintaining compliance.
-### Cloudflare's Email Security for improved email protection
+### Cloudflare's Email security for improved email protection
Phishing is the root cause of upwards of 90% of breaches that lead to financial loss and brand damage. Cloudflare's email security solution sits in front of all email going to your Microsoft 365 tenant, filtering out spam, bulk, malicious and spoof content. The solution can leverage Microsoft [rules for quarantine actions](/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/four-user-quarantine-admin-quarantine/), allowing you to fine tune how different email detections are handled.
@@ -102,7 +102,7 @@ It is also possible to configure cloud email security to scan [Microsoft 365 inb
## Summary
-By leveraging Cloudflare and its integrations with Microsoft, organizations can establish a Zero Trust security posture that goes beyond the limitations of traditional network security models. With Cloudflare's Zero Trust Network Access (ZTNA), organizations can replace self hosted VPNs and enforce conditional access based on user identity and device posture. The integration with Microsoft Entra ID allows for authentication and access control, while Microsoft Intune provides device posture information. Additionally, Cloudflare's CASB offers visibility into the security of Microsoft 365 configuration, the Secure Web Gateway inspects and filters traffic to Microsoft 365, and Email Security protects against phishing attacks, ensuring a secure and compliant environment. This approach enables faster and more secure access to applications, while providing granular control over user access based on identity and device posture.
+By leveraging Cloudflare and its integrations with Microsoft, organizations can establish a Zero Trust security posture that goes beyond the limitations of traditional network security models. With Cloudflare's Zero Trust Network Access (ZTNA), organizations can replace self hosted VPNs and enforce conditional access based on user identity and device posture. The integration with Microsoft Entra ID allows for authentication and access control, while Microsoft Intune provides device posture information. Additionally, Cloudflare's CASB offers visibility into the security of Microsoft 365 configuration, the Secure Web Gateway inspects and filters traffic to Microsoft 365, and Email security protects against phishing attacks, ensuring a secure and compliant environment. This approach enables faster and more secure access to applications, while providing granular control over user access based on identity and device posture.
diff --git a/src/content/docs/reference-architecture/architectures/sase.mdx b/src/content/docs/reference-architecture/architectures/sase.mdx
index b3bac97711f75ed..b9d1a1c371aa7b2 100644
--- a/src/content/docs/reference-architecture/architectures/sase.mdx
+++ b/src/content/docs/reference-architecture/architectures/sase.mdx
@@ -683,7 +683,7 @@ It's worth noting that many of the capabilities described in this document can b
| Zero Trust Network Access | [How to build Access policies](/cloudflare-one/access-controls/policies/) |
| Remote Browser Isolation | [Understanding browser isolation](/cloudflare-one/remote-browser-isolation/) |
| API-Driven CASB | [Scanning SaaS applications](/cloudflare-one/integrations/cloud-and-saas/) |
-| Email Security | [Understanding Cloudflare Email Security](/email-security/) |
+| Email security | [Understanding Cloudflare Email security](/email-security/) |
| Replacing your VPN | [Using Cloudflare to replace your VPN](/learning-paths/replace-vpn/concepts/) |
If you would like to discuss your SASE requirements in greater detail and connect with one of our architects, please visit [https://www.cloudflare.com/cloudflare-one/](https://www.cloudflare.com/cloudflare-one/) and request a consultation.
diff --git a/src/content/docs/reference-architecture/architectures/security.mdx b/src/content/docs/reference-architecture/architectures/security.mdx
index d87b51559b5f683..f1911de4e0032e9 100644
--- a/src/content/docs/reference-architecture/architectures/security.mdx
+++ b/src/content/docs/reference-architecture/architectures/security.mdx
@@ -591,7 +591,7 @@ The same DLP profiles can also be used in our Cloud Access Security Broker (CASB
A lot of this section has focused on protecting access to private networks and applications, but a business must also protect their employees and their devices. Our [secure web gateway](/cloudflare-one/traffic-policies/) (SWG) service sits between users connected to Cloudflare and any resource they are attempting to access, both public and private. Policies can be written to prevent employees from accessing high-risk websites or known sites that distribute malware. Policies can also be written to mitigate phishing attacks by blocking access to domains and websites known to be part of phishing campaigns. Protecting users and their devices from Internet threats also reduces associated risks of those same users and devices accessing private resources.
-Another critical private resource to secure is email. This is often one of the most private of all resources, as it contains confidential communications across your entire organization. It's also a common attack surface, mostly by way of phishing attacks. [Email Security](https://www.cloudflare.com/zero-trust/products/email-security/) (CES) examines all emails in your employee's inboxes and detects spoofed, malicious, or suspicious emails and can be configured to act accordingly. CES can be integrated by changing your domain MX records and redirecting all email via Cloudflare. Another option, for Microsoft and Google, is to integrate via API and inspect email already in a user’s inbox. For suspicious emails, links in the email are rewritten to leverage Cloudflare's [browser isolation service](/cloudflare-one/remote-browser-isolation/) so that when a user heads to that website, their local machine is protected against any malicious code that might be running in the browser.
+Another critical private resource to secure is email. This is often one of the most private of all resources, as it contains confidential communications across your entire organization. It's also a common attack surface, mostly by way of phishing attacks. [Email security](https://www.cloudflare.com/zero-trust/products/email-security/) (CES) examines all emails in your employee's inboxes and detects spoofed, malicious, or suspicious emails and can be configured to act accordingly. CES can be integrated by changing your domain MX records and redirecting all email via Cloudflare. Another option, for Microsoft and Google, is to integrate via API and inspect email already in a user’s inbox. For suspicious emails, links in the email are rewritten to leverage Cloudflare's [browser isolation service](/cloudflare-one/remote-browser-isolation/) so that when a user heads to that website, their local machine is protected against any malicious code that might be running in the browser.
diff --git a/src/content/docs/reference-architecture/by-solution.mdx b/src/content/docs/reference-architecture/by-solution.mdx
index 8e59b472364c112..2152ef9b91fad0e 100644
--- a/src/content/docs/reference-architecture/by-solution.mdx
+++ b/src/content/docs/reference-architecture/by-solution.mdx
@@ -60,7 +60,7 @@ Architecture documentation related to using Cloudflare for Zero Trust, SSE and S
- [Secure your Internet traffic and SaaS apps](/learning-paths/secure-internet-traffic/concepts/)
- [Replace your VPN](/learning-paths/replace-vpn/concepts/)
- [Deploy clientless access](/learning-paths/clientless-access/concepts/)
-- [Secure Microsoft 365 email with Email Security](/learning-paths/secure-o365-email/concepts/)
+- [Secure Microsoft 365 email with Email security](/learning-paths/secure-o365-email/concepts/)
### Networking
diff --git a/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx b/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx
index 661175fa19ee48a..f8a032fd226d046 100644
--- a/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx
+++ b/src/content/docs/reference-architecture/design-guides/zero-trust-for-saas.mdx
@@ -56,7 +56,7 @@ What you will learn:
This guide assumes you have an Enterprise contract with Cloudflare that includes:
- Cloudflare Zero Trust licenses for the number of users you plan to onboard
-- Cloudflare Cloud Email Security licenses for the number of users whose cloud inbox emails will be filtered
+- Cloudflare Cloud Email security licenses for the number of users whose cloud inbox emails will be filtered
:::note[Free and PayGo capabilities]
A lot of the capabilities described in this document [are also available in our free and Pay-as-you-go plans](https://www.cloudflare.com/en-gb/plans/zero-trust-services/).
@@ -177,15 +177,15 @@ Organizations with stringent requirements about email communications for complia
While SaaS email solutions offer native security capabilities, their popularity makes them high-value targets for attackers who seek to exploit vulnerabilities and limitations in their inbound filtering capabilities. To mitigate this risk, IT teams should consider supplementing the native capabilities of cloud email solutions with specialized solutions for inbound email filtering.
-[Cloudflare's Email Security](https://www.cloudflare.com/en-gb/zero-trust/products/email-security/) scans for malicious content or attachments in emails and proactively monitors the Internet for attacker infrastructure and attack delivery mechanisms. It identifies programmatically-created and impersonation domains used to host malicious content as part of planned attacks. This data also helps protect against business and vendor email compromises ([BEC](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/)/[VEC](https://www.cloudflare.com/en-gb/learning/email-security/what-is-vendor-email-compromise/)), which are notoriously difficult to detect due to their lack of payloads and resemblance to legitimate email traffic and a gap for legacy email security platforms.
+[Cloudflare's Email security](https://www.cloudflare.com/en-gb/zero-trust/products/email-security/) scans for malicious content or attachments in emails and proactively monitors the Internet for attacker infrastructure and attack delivery mechanisms. It identifies programmatically-created and impersonation domains used to host malicious content as part of planned attacks. This data also helps protect against business and vendor email compromises ([BEC](https://www.cloudflare.com/en-gb/learning/email-security/business-email-compromise-bec/)/[VEC](https://www.cloudflare.com/en-gb/learning/email-security/what-is-vendor-email-compromise/)), which are notoriously difficult to detect due to their lack of payloads and resemblance to legitimate email traffic and a gap for legacy email security platforms.
Integrating Cloudflare into the existing email infrastructure is both flexible and straightforward, with deployment options available in [inline](/email-security/deployment/inline/) and [API](/email-security/deployment/api/) modes.
-In an inline deployment, Cloudflare's Email Security will evaluate email messages before they reach a user's inboxes (by pointing the email domain MX record to Cloudflare). This allows Cloudflare to [quarantine messages](/email-security/email-configuration/admin-quarantine/) so they never reach the user's inbox or [tag messages with email headers](/email-security/reference/dispositions-and-attributes/#header-structure) to inform the email provider how emails should be handled (for example, [by redirecting bulk emails directly to the spam folder](/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/one-junk-admin-quarantine/)). Cloudflare can also [modify the subject and body of email messages](/email-security/email-configuration/email-policies/text-addons/) to inform a user to be more cautious about a suspicious email and [rewrite links within emails and even isolate those links behind a remote browser](/email-security/email-configuration/email-policies/link-actions/).
+In an inline deployment, Cloudflare's Email security will evaluate email messages before they reach a user's inboxes (by pointing the email domain MX record to Cloudflare). This allows Cloudflare to [quarantine messages](/email-security/email-configuration/admin-quarantine/) so they never reach the user's inbox or [tag messages with email headers](/email-security/reference/dispositions-and-attributes/#header-structure) to inform the email provider how emails should be handled (for example, [by redirecting bulk emails directly to the spam folder](/email-security/deployment/inline/setup/office-365-area1-mx/use-cases/one-junk-admin-quarantine/)). Cloudflare can also [modify the subject and body of email messages](/email-security/email-configuration/email-policies/text-addons/) to inform a user to be more cautious about a suspicious email and [rewrite links within emails and even isolate those links behind a remote browser](/email-security/email-configuration/email-policies/link-actions/).
-In an API deployment, Cloudflare's Email Security will see the email messages only after they have reached the users' inboxes by setting up Journaling/BCC rules in the email provider or through API scan. Then, through integrations with the email provider, Cloudflare can [retract phishing emails](/email-security/email-configuration/retract-settings/) from users' inboxes. Unlike the inline mode, this deployment method does not support quarantining emails or modifying the email messages. However, it is an easy way to add protection in complex email infrastructures with no changes to the existing mail flow operations.
+In an API deployment, Cloudflare's Email security will see the email messages only after they have reached the users' inboxes by setting up Journaling/BCC rules in the email provider or through API scan. Then, through integrations with the email provider, Cloudflare can [retract phishing emails](/email-security/email-configuration/retract-settings/) from users' inboxes. Unlike the inline mode, this deployment method does not support quarantining emails or modifying the email messages. However, it is an easy way to add protection in complex email infrastructures with no changes to the existing mail flow operations.
-These modes can be used concurrently to enhance email security. The inline mode ensures that Cloudflare's Email Security scans and filters emails before they reach users' inboxes. For emails that initially pass through without being flagged as threats, Cloudflare [periodically re-evaluates them](/email-security/email-configuration/retract-settings/office365-retraction/#post-delivery-retractions-for-new-threats). If these emails are later identified as part of a phishing campaign, they are automatically retracted with the API. This proactive approach protects organizations against deferred phishing attacks, where attackers send emails with seemingly benign links that are weaponized after delivery to bypass initial detection.
+These modes can be used concurrently to enhance email security. The inline mode ensures that Cloudflare's Email security scans and filters emails before they reach users' inboxes. For emails that initially pass through without being flagged as threats, Cloudflare [periodically re-evaluates them](/email-security/email-configuration/retract-settings/office365-retraction/#post-delivery-retractions-for-new-threats). If these emails are later identified as part of a phishing campaign, they are automatically retracted with the API. This proactive approach protects organizations against deferred phishing attacks, where attackers send emails with seemingly benign links that are weaponized after delivery to bypass initial detection.
diff --git a/src/content/docs/reference-architecture/implementation-guides/index.mdx b/src/content/docs/reference-architecture/implementation-guides/index.mdx
index e5bcda9c736449d..77077a23dc10025 100644
--- a/src/content/docs/reference-architecture/implementation-guides/index.mdx
+++ b/src/content/docs/reference-architecture/implementation-guides/index.mdx
@@ -16,7 +16,7 @@ Implementation guides provide [step-by-step instructions](/reference-architectur
- [Secure your Internet traffic and SaaS apps](/learning-paths/secure-internet-traffic/concepts/)
- [Replace your VPN](/learning-paths/replace-vpn/concepts/)
- [Deploy Zero Trust Web Access](/learning-paths/clientless-access/concepts/)
-- [Secure Microsoft 365 email with Email Security](/learning-paths/secure-o365-email/concepts/)
+- [Secure Microsoft 365 email with Email security](/learning-paths/secure-o365-email/concepts/)
## Application Security
diff --git a/src/content/docs/reference-architecture/implementation-guides/zero-trust/index.mdx b/src/content/docs/reference-architecture/implementation-guides/zero-trust/index.mdx
index 518428dc317bc9f..ff7d95a027f2ebc 100644
--- a/src/content/docs/reference-architecture/implementation-guides/zero-trust/index.mdx
+++ b/src/content/docs/reference-architecture/implementation-guides/zero-trust/index.mdx
@@ -15,4 +15,4 @@ Zero Trust implementation guides walk you through the steps to deploy a Zero Tru
- [Secure your Internet traffic and SaaS apps](/learning-paths/secure-internet-traffic/concepts/)
- [Replace your VPN](/learning-paths/replace-vpn/concepts/)
- [Deploy Zero Trust Web Access](/learning-paths/clientless-access/concepts/)
-- [Secure Microsoft 365 email with Email Security](/learning-paths/secure-o365-email/concepts/)
+- [Secure Microsoft 365 email with Email security](/learning-paths/secure-o365-email/concepts/)
diff --git a/src/content/learning-paths/secure-o365-email.json b/src/content/learning-paths/secure-o365-email.json
index 9c0cda54c005ef1..318ef99c61386dc 100644
--- a/src/content/learning-paths/secure-o365-email.json
+++ b/src/content/learning-paths/secure-o365-email.json
@@ -1,7 +1,7 @@
{
- "title": "Secure Microsoft 365 email with Email Security",
+ "title": "Secure Microsoft 365 email with Email security",
"path": "/learning-paths/secure-o365-email/concepts/",
"pcx_content_type": "learning-path",
- "description": "Use Cloudflare's Email Security to protect your Microsoft 365 email inbox from phishing and malware attacks.",
+ "description": "Use Cloudflare's Email security to protect your Microsoft 365 email inbox from phishing and malware attacks.",
"products": ["email-security-cf1"]
}
diff --git a/src/content/partials/cloudflare-one/email-security/deployment/m365-use-case-transport-rules.mdx b/src/content/partials/cloudflare-one/email-security/deployment/m365-use-case-transport-rules.mdx
index 4e8c2879fe47c3c..74cc7287222bae1 100644
--- a/src/content/partials/cloudflare-one/email-security/deployment/m365-use-case-transport-rules.mdx
+++ b/src/content/partials/cloudflare-one/email-security/deployment/m365-use-case-transport-rules.mdx
@@ -1,12 +1,11 @@
---
inputParameters: ruleName;;ruleWords;;doFollowing;;img;;ruleName2;;ruleWords2;;doFollowing2;;img2
-
---
-import { Image } from 'astro:assets';
-import { GlossaryTooltip, Markdown } from "~/components"
+import { Image } from "astro:assets";
+import { GlossaryTooltip, Markdown } from "~/components";
-To create the transport rules that will send emails with certain [disposition](/cloudflare-one/email-security/reference/dispositions-and-attributes/#dispositions) to Email Security:
+To create the transport rules that will send emails with certain [disposition](/cloudflare-one/email-security/reference/dispositions-and-attributes/#dispositions) to Email security:
1. Open the new [Exchange admin center](https://admin.exchange.microsoft.com/#/homepage).
@@ -15,14 +14,13 @@ To create the transport rules that will send emails with certain [disposition](/
3. Select **Add a Rule** > **Create a new rule**.
4. Set the following rule conditions:
-
- * **Name**: *{props.one}*.
- * **Apply this rule if**: *The message headers* > *includes any of these words*.
- * **Enter text**: `X-CFEmailSecurity-Disposition` > **Save**.
- * **Enter words**: {props.two} > **Add** > **Save**.
- * **Apply this rule if**: Select **+** to add a second condition.
- * **And**: *The sender* > *IP address is in any of these ranges or exactly matches* > enter the egress IPs in the [Egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) page.
- * **Do the following** - *{props.three}*.
+ - **Name**: _{props.one}_.
+ - **Apply this rule if**: _The message headers_ > _includes any of these words_.
+ - **Enter text**: `X-CFEmailSecurity-Disposition` > **Save**.
+ - **Enter words**: {props.two} > **Add** > **Save**.
+ - **Apply this rule if**: Select **+** to add a second condition.
+ - **And**: _The sender_ > _IP address is in any of these ranges or exactly matches_ > enter the egress IPs in the [Egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) page.
+ - **Do the following** - _{props.three}_.
5. Select **Next**.
@@ -35,14 +33,13 @@ To create the transport rules that will send emails with certain [disposition](/
9. Select **Add a Rule** > **Create a new rule**.
10. Set the following rule conditions:
-
- * **Name**: *{props.five}*.
- * **Apply this rule if**: *The message headers* > *includes any of these words*.
- * **Enter text**: `X-CFEmailSecurity-Disposition` > **Save**.
- * **Enter words**: *{props.six}* > **Add** > **Save**.
- * **Apply this rule if**: Select **+** to add a second condition.
- * **And**: *The sender* > *IP address is in any of these ranges or exactly matches* > enter the egress IPs in the [Egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) page.
- * **Do the following**: *{props.seven}*.
+ - **Name**: _{props.five}_.
+ - **Apply this rule if**: _The message headers_ > _includes any of these words_.
+ - **Enter text**: `X-CFEmailSecurity-Disposition` > **Save**.
+ - **Enter words**: _{props.six}_ > **Add** > **Save**.
+ - **Apply this rule if**: Select **+** to add a second condition.
+ - **And**: _The sender_ > _IP address is in any of these ranges or exactly matches_ > enter the egress IPs in the [Egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) page.
+ - **Do the following**: _{props.seven}_.
11. Select **Next**.
@@ -50,4 +47,4 @@ To create the transport rules that will send emails with certain [disposition](/
13. Review your settings and select **Finish** > **Done**.
-14. Select the rule *{props.five}* you have just created, and select **Enable**.
+14. Select the rule _{props.five}_ you have just created, and select **Enable**.
diff --git a/src/content/partials/cloudflare-one/email-security/deployment/m365-use-cases-antispam.mdx b/src/content/partials/cloudflare-one/email-security/deployment/m365-use-cases-antispam.mdx
index 7d0bf8c9fd87ef1..4878be9cee67478 100644
--- a/src/content/partials/cloudflare-one/email-security/deployment/m365-use-cases-antispam.mdx
+++ b/src/content/partials/cloudflare-one/email-security/deployment/m365-use-cases-antispam.mdx
@@ -1,10 +1,9 @@
---
inputParameters: spamQuarantinePolicy;;phishingQuarantinePolicy;;highPhishingQuarantinePolicy;;img
-
---
-import { Image } from "astro:assets"
-import { Markdown } from "~/components"
+import { Image } from "astro:assets";
+import { Markdown } from "~/components";
To configure anti-spam policies:
@@ -22,14 +21,14 @@ To configure anti-spam policies:
7. Set the following conditions and actions (you might need to scroll up or down to find them):
-- **Spam**: *Move messages to Junk Email folder*.
-- **High confidence spam**: *Quarantine message*.
+- **Spam**: _Move messages to Junk Email folder_.
+- **High confidence spam**: _Quarantine message_.
- **Select quarantine policy**: {props.one}.
-- **Phishing**: *Quarantine message*.
+- **Phishing**: _Quarantine message_.
- **Select quarantine policy**: {props.two}.
-- **High confidence phishing**: *Quarantine message*.
+- **High confidence phishing**: _Quarantine message_.
- **Select quarantine policy**: {props.three}.
-- **Retain spam in quarantine for this many days**: Default is 15 days. Email Security recommends 15-30 days.
+- **Retain spam in quarantine for this many days**: Default is 15 days. Email security recommends 15-30 days.
- Select the spam actions in the above step.
8. Select **Save**.
diff --git a/src/content/partials/cloudflare-one/email-security/deployment/mx-deployment-prereq.mdx b/src/content/partials/cloudflare-one/email-security/deployment/mx-deployment-prereq.mdx
index 4762b571ca05ebd..b72ad37300f8cb6 100644
--- a/src/content/partials/cloudflare-one/email-security/deployment/mx-deployment-prereq.mdx
+++ b/src/content/partials/cloudflare-one/email-security/deployment/mx-deployment-prereq.mdx
@@ -6,7 +6,7 @@
To ensure changes made in this tutorial take effect quickly, update the Time to Live (TTL) value of the existing MX records on your domains to five minutes. Do this on all the domains you will be deploying.
-Changing the TTL value instructs DNS servers on how long to cache this value before requesting an update from the responsible nameserver. You need to change the TTL value before changing your MX records to Email Security. This will ensure that changes take effect quickly and can also be reverted quickly if needed. If your DNS manager does not allow for a TTL of five minutes, set it to the lowest possible setting.
+Changing the TTL value instructs DNS servers on how long to cache this value before requesting an update from the responsible nameserver. You need to change the TTL value before changing your MX records to Email security. This will ensure that changes take effect quickly and can also be reverted quickly if needed. If your DNS manager does not allow for a TTL of five minutes, set it to the lowest possible setting.
:::note
Make TTL changes a few days before the production update, and wait at least as long as the old TTL values before making the update, since some senders might still be using the old cached values.
@@ -44,4 +44,4 @@ Below is a list with instructions on how to edit MX records for some popular ser
- **Cloudflare**: [Set up email records](/dns/manage-dns-records/how-to/email-records/)
- **GoDaddy**: [Edit an MX Record](https://www.godaddy.com/help/edit-an-mx-record-19235)
- **AWS**: [Creating records by using the Amazon Route 53 console](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-creating.html)
-- **Azure**: [Create DNS records in a custom domain for a web app](https://learn.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain)
\ No newline at end of file
+- **Azure**: [Create DNS records in a custom domain for a web app](https://learn.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain)
diff --git a/src/content/partials/cloudflare-one/email-security/deployment/mx-geographic-locations.mdx b/src/content/partials/cloudflare-one/email-security/deployment/mx-geographic-locations.mdx
index 63545c48cd0945f..18cf3eb5803b9de 100644
--- a/src/content/partials/cloudflare-one/email-security/deployment/mx-geographic-locations.mdx
+++ b/src/content/partials/cloudflare-one/email-security/deployment/mx-geographic-locations.mdx
@@ -1,18 +1,17 @@
---
{}
-
---
-When configuring the Email Security MX records, it is important to configure hosts with the correct MX priority. This will allow mail flows to the preferred hosts and fail over as needed.
+When configuring the Email security MX records, it is important to configure hosts with the correct MX priority. This will allow mail flows to the preferred hosts and fail over as needed.
-Choose from the following Email Security MX hosts, and order them by priority. For example, if you are located outside the US and want to prioritize email processing in the EU, add `mailstream-eu1.mxrecord.io` as your first host, and then the US servers.
+Choose from the following Email security MX hosts, and order them by priority. For example, if you are located outside the US and want to prioritize email processing in the EU, add `mailstream-eu1.mxrecord.io` as your first host, and then the US servers.
-| Host | Location | Note |
-| -------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `mailstream-central.mxrecord.mx` `mailstream-east.mxrecord.io` `mailstream-west.mxrecord.io` | US | Best option to ensure all email traffic processing happens in the US. |
-| `mailstream-eu1.mxrecord.io` | EU | Best option to ensure all email traffic processing happens in Germany, with backup to US data centers. |
-| `mailstream-bom.mxrecord.mx` | India | Best option to ensure all email traffic processing happens within India.
-| `mailstream-india-primary.mxrecord.mx` | India | Same as `mailstream-bom.mxrecord.mx`, with backup to US data centers. |
-| `mailstream-asia.mxrecord.mx` | India | Best option to ensure all email traffic processing happens in India, with Australia data centers as backup.
-| `mailstream-syd.area1.cloudflare.net` | Australia / New Zealand | Best option to ensure all email traffic processing happens within Australia. |
-| `mailstream-australia-primary.area1.cloudflare.net` | Australia / New Zealand | Best option to ensure all email traffic processing happens in Australia, with India and US data centers as backup. |
+| Host | Location | Note |
+| -------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | ------------------------------------------------------------------------------------------------------------------ |
+| `mailstream-central.mxrecord.mx` `mailstream-east.mxrecord.io` `mailstream-west.mxrecord.io` | US | Best option to ensure all email traffic processing happens in the US. |
+| `mailstream-eu1.mxrecord.io` | EU | Best option to ensure all email traffic processing happens in Germany, with backup to US data centers. |
+| `mailstream-bom.mxrecord.mx` | India | Best option to ensure all email traffic processing happens within India. |
+| `mailstream-india-primary.mxrecord.mx` | India | Same as `mailstream-bom.mxrecord.mx`, with backup to US data centers. |
+| `mailstream-asia.mxrecord.mx` | India | Best option to ensure all email traffic processing happens in India, with Australia data centers as backup. |
+| `mailstream-syd.area1.cloudflare.net` | Australia / New Zealand | Best option to ensure all email traffic processing happens within Australia. |
+| `mailstream-australia-primary.area1.cloudflare.net` | Australia / New Zealand | Best option to ensure all email traffic processing happens in Australia, with India and US data centers as backup. |
diff --git a/src/content/partials/cloudflare-one/email-security/detect-phish.mdx b/src/content/partials/cloudflare-one/email-security/detect-phish.mdx
index ec9f1d28d2bd8a5..d3912c161805eb3 100644
--- a/src/content/partials/cloudflare-one/email-security/detect-phish.mdx
+++ b/src/content/partials/cloudflare-one/email-security/detect-phish.mdx
@@ -1,12 +1,10 @@
---
{}
-
-
---
import { GlossaryTooltip, Render } from "~/components";
-Email Security uses a variety of factors to determine whether a given email message, a web domain or URL, or specific network traffic is part of a phishing campaign (marked with a [`Malicious` disposition](/cloudflare-one/email-security/reference/dispositions-and-attributes/)) or other common campaigns (for example, `Spam`).
+Email security uses a variety of factors to determine whether a given email message, a web domain or URL, or specific network traffic is part of a phishing campaign (marked with a [`Malicious` disposition](/cloudflare-one/email-security/reference/dispositions-and-attributes/)) or other common campaigns (for example, `Spam`).
:::note
Certain URL rewrite schemes cannot be decoded (for example, Mimecast).
@@ -134,4 +132,4 @@ These small pattern assessments are dynamic in nature and — in many cases —
### Network phishing
- **Example**: C2 communications for lateral spread within the network or malicious phish downloaded from an external host. Typically seen when an end user gets infected outside the organization, comes back into the network and the C2 hosts uses the infected endpoint to download the implant based on the IP address space it is now resident in.
-- **Detections applied**: Network device integrations (firewalls) and API-based integrations within existing orchestration services.
\ No newline at end of file
+- **Detections applied**: Network device integrations (firewalls) and API-based integrations within existing orchestration services.
diff --git a/src/content/partials/cloudflare-one/email-security/post-verification-setup.mdx b/src/content/partials/cloudflare-one/email-security/post-verification-setup.mdx
index c11bf705885b584..e2cc9df4d6fc4d5 100644
--- a/src/content/partials/cloudflare-one/email-security/post-verification-setup.mdx
+++ b/src/content/partials/cloudflare-one/email-security/post-verification-setup.mdx
@@ -1,12 +1,11 @@
---
{}
-
---
## Verify successful deployment
To verify that the deployment has been successful and that your emails are being scanned:
-1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email Security**.
+1. In [Zero Trust](https://one.dash.cloudflare.com/), select **Email security**.
2. Go to **Settings** > **Domain management** > **Domains**, then select **View**.
-3. Under **Your domains**, locate your domain, and verify that **Status** (which describes the state of the configuration) displays **Active**.
\ No newline at end of file
+3. Under **Your domains**, locate your domain, and verify that **Status** (which describes the state of the configuration) displays **Active**.
diff --git a/src/content/partials/email-security/deployment/journaling-connector.mdx b/src/content/partials/email-security/deployment/journaling-connector.mdx
index a696122eda59522..6aba5ccccf9cc5f 100644
--- a/src/content/partials/email-security/deployment/journaling-connector.mdx
+++ b/src/content/partials/email-security/deployment/journaling-connector.mdx
@@ -1,17 +1,16 @@
---
{}
-
---
-### 1. Configure connector for delivery to Email Security (formerly Area 1) (if required)
+### 1. Configure connector for delivery to Email security (formerly Area 1) (if required)
:::note
-Email Security only scans inbound emails.
+Email security only scans inbound emails.
:::
If your email architecture does not include an outbound gateway, you can skip this step and [proceed to the next one](#2-configure-journal-rule).
-On the other hand, if your email architecture requires outbound messages to traverse your email gateway, you may want to consider configuring a connector to send the journal messages directly to Email Security.
+On the other hand, if your email architecture requires outbound messages to traverse your email gateway, you may want to consider configuring a connector to send the journal messages directly to Email security.
1. Log in to the [Exchange admin center](https://admin.exchange.microsoft.com), and go to **Mail flow** > **Connectors**.
@@ -20,52 +19,47 @@ On the other hand, if your email architecture requires outbound messages to trav
2. Select **Add a connector**.
3. Configure the new connector as follows:
-
- * **Connection From**: Office 365
- * **Connection to**: Partner Organization
+ - **Connection From**: Office 365
+ - **Connection to**: Partner Organization
4. Select **Next**.
5. Configure the connector as follows:
-
- * **Name**: `Deliver journal directly to Area 1`
- * **Description**: `Deliver journal directly to Area 1`
- * **Turn it on**: Enabled.
+ - **Name**: `Deliver journal directly to Area 1`
+ - **Description**: `Deliver journal directly to Area 1`
+ - **Turn it on**: Enabled.
6. Select **Next**.
7. Configure the **Use of connector** setting as follows:
-
- * Select **Only when email messages are sent to these domains**.
- * In the text field, enter `journaling.mxrecord.io` as the host address, and select **+** to add the domain.
+ - Select **Only when email messages are sent to these domains**.
+ - In the text field, enter `journaling.mxrecord.io` as the host address, and select **+** to add the domain.
8. Select **Next**.
9. Configure the **Routing** setting as follows:
-
- * Select **Route email through these smart hosts**.
- * In the text field, enter `journaling.mxrecord.io` as the [smart host](https://en.wikipedia.org/wiki/Smart_host) address, and select **+** to add the domain.
+ - Select **Route email through these smart hosts**.
+ - In the text field, enter `journaling.mxrecord.io` as the [smart host](https://en.wikipedia.org/wiki/Smart_host) address, and select **+** to add the domain.
10. Select **Next**.
11. In **Security restrictions**, you need to keep the default TLS configuration. Review the following settings:
-
- * Make sure the **Always use Transport Layer Security (TLS) to secure the connection (recommended)** checkbox is selected.
- * In **Connect only if the recipients email server certificate matches this criteria** select **Issued by a trusted certificate authority (CA)**.
+ - Make sure the **Always use Transport Layer Security (TLS) to secure the connection (recommended)** checkbox is selected.
+ - In **Connect only if the recipients email server certificate matches this criteria** select **Issued by a trusted certificate authority (CA)**.
12. Select **Next**.
-13. You need to validate the connector by using your tenant’s specific journaling address. To find this address, go to the [Email Security dashboard](https://horizon.area1security.com/support/service-addresses) > **Support** > **Service Addresses page**.
+13. You need to validate the connector by using your tenant’s specific journaling address. To find this address, go to the [Email security dashboard](https://horizon.area1security.com/support/service-addresses) > **Support** > **Service Addresses page**.
@@ -102,11 +96,10 @@ Your connector is now active. You can find it in **Exchange admin center** > **M
7. Select **New rule** to configure a journaling rule, and configure it as follows:
-
- * **Send journal reports to**: This address is specific to each customer tenant, and can be found in your [Email Security dashboard](https://horizon.area1security.com/support/service-addresses). For example, `@journaling.mxrecord.io`.
- * **Journal Rule Name**: `Journal Messages to CloudflareArea 1`
- * **Journal messages sent or received from**: *Everyone*
- * **Type of message to journal**: *External messages only*
+ - **Send journal reports to**: This address is specific to each customer tenant, and can be found in your [Email security dashboard](https://horizon.area1security.com/support/service-addresses). For example, `@journaling.mxrecord.io`.
+ - **Journal Rule Name**: `Journal Messages to CloudflareArea 1`
+ - **Journal messages sent or received from**: _Everyone_
+ - **Type of message to journal**: _External messages only_
8. Select **Next**.
@@ -114,7 +107,7 @@ Your connector is now active. You can find it in **Exchange admin center** > **M
-Once saved, the rule is automatically active. However, it may take a few minutes for the configuration to propagate and start pushing messages to Cloudflare Email Security. After it propagates, you can access the Cloudflare Email Security dashboard to check the number of messages processed. This number will grow as journaled messages are sent to Cloudflare Email Security from your Exchange server.
+Once saved, the rule is automatically active. However, it may take a few minutes for the configuration to propagate and start pushing messages to Cloudflare Email security. After it propagates, you can access the Cloudflare Email security dashboard to check the number of messages processed. This number will grow as journaled messages are sent to Cloudflare Email security from your Exchange server.
### 3. Compliance
@@ -143,11 +136,10 @@ After creating the distribution lists based on regions for your users, configure
7. Select **New rule** to configure a journaling rule, and configure it as follows:
-
- * **Send journal reports to**: This address is specific to each customer tenant, and can be found in your [Email Security dashboard](https://horizon.area1security.com/support/service-addresses). If you need to process emails in certain geographic regions, refer to the [Geographic locations](#geographic-locations) table for more information on what address you should use.
- * **Journal Rule Name**: `Journal Messages to CloudflareArea 1`
- * **Journal messages sent or received from**: *A specific user or group* and select the user group you [created above](#3-compliance).
- * **Type of message to journal**: *External messages only*
+ - **Send journal reports to**: This address is specific to each customer tenant, and can be found in your [Email security dashboard](https://horizon.area1security.com/support/service-addresses). If you need to process emails in certain geographic regions, refer to the [Geographic locations](#geographic-locations) table for more information on what address you should use.
+ - **Journal Rule Name**: `Journal Messages to CloudflareArea 1`
+ - **Journal messages sent or received from**: _A specific user or group_ and select the user group you [created above](#3-compliance).
+ - **Type of message to journal**: _External messages only_
8. Select **Next**.
@@ -155,4 +147,4 @@ After creating the distribution lists based on regions for your users, configure
-Once saved, the rule is automatically active. However, it may take a few minutes for the configuration to propagate and start pushing messages to Cloudflare Email Security. After it propagates, you can access the Cloudflare Email Security dashboard to check the number of messages processed. This number will grow as journaled messages are sent to Cloudflare Email Security from your Exchange server.
+Once saved, the rule is automatically active. However, it may take a few minutes for the configuration to propagate and start pushing messages to Cloudflare Email security. After it propagates, you can access the Cloudflare Email security dashboard to check the number of messages processed. This number will grow as journaled messages are sent to Cloudflare Email security from your Exchange server.
diff --git a/src/content/partials/email-security/timestamp.mdx b/src/content/partials/email-security/timestamp.mdx
index 01600c90c32ddea..1d0d053d3d128a0 100644
--- a/src/content/partials/email-security/timestamp.mdx
+++ b/src/content/partials/email-security/timestamp.mdx
@@ -1,6 +1,5 @@
---
{}
-
---
-Timestamps in the dashboard of Email Security (formerly Area 1) are localized to your timezone. Email Security reads this information from the clock of your computer when you log in.
+Timestamps in the dashboard of Email security (formerly Area 1) are localized to your timezone. Email security reads this information from the clock of your computer when you log in.
diff --git a/src/content/products/email-security-cf1.yaml b/src/content/products/email-security-cf1.yaml
index c0f9b6c1509503c..c1ae62693a1354a 100644
--- a/src/content/products/email-security-cf1.yaml
+++ b/src/content/products/email-security-cf1.yaml
@@ -1,7 +1,7 @@
-name: Email Security
+name: Email security
product:
- title: Email Security
+ title: Email security
url: /cloudflare-one/email-security/
group: Cloudflare One
diff --git a/src/content/products/email-security.yaml b/src/content/products/email-security.yaml
index 67a3948c54f6aed..fbab34a51be7efa 100644
--- a/src/content/products/email-security.yaml
+++ b/src/content/products/email-security.yaml
@@ -1,12 +1,12 @@
-name: Email Security
+name: Email security
product:
- title: Email Security (formerly Area 1)
+ title: Email security (formerly Area 1)
url: /email-security/
group: Cloudflare One
show: false
meta:
- title: Cloudflare Email Security (formerly Area 1) docs
- description: Cloudflare Email Security is a cloud based service that stops phishing attacks, the biggest cybersecurity threat, across all traffic vectors - email, web and network.
+ title: Cloudflare Email security (formerly Area 1) docs
+ description: Cloudflare Email security is a cloud based service that stops phishing attacks, the biggest cybersecurity threat, across all traffic vectors - email, web and network.
author: "@cloudflare"
diff --git a/src/content/release-notes/api-deprecations.yaml b/src/content/release-notes/api-deprecations.yaml
index fa6edc484e78d61..5d595cb69ef9693 100644
--- a/src/content/release-notes/api-deprecations.yaml
+++ b/src/content/release-notes/api-deprecations.yaml
@@ -19,7 +19,7 @@ entries:
* `GET /radar/http/summary/bot_class`
* `GET /radar/http/timeseries_groups/device_type`
* `GET /radar/http/timeseries_groups/bot_class`
- * Other similar summary and timeseries groups endpoints for the following datasets: AI Bots, AI Inference, AS112, DNS, Email Routing, Email Security, HTTP, Layer 3 Attacks, Layer 7 Attacks, Leaked Credential Checks
+ * Other similar summary and timeseries groups endpoints for the following datasets: AI Bots, AI Inference, AS112, DNS, Email Routing, Email security, HTTP, Layer 3 Attacks, Layer 7 Attacks, Leaked Credential Checks
Replacements: