Observables

Observables are the original sender domain, original sender IP address, embedded URLs, and embedded attachments:

  • Sender Domain – The domain of the original sender. Reputation data provided includes web reputation, threat categories if applicable, and any assigned content categories.
  • Sender IP – The IP address of the original sender. Reputation data provided is email reputation.
  • Embedded URLs – Any URLs extracted from the content of the email. Reputation data provided includes web reputation, threat categories if applicable, and any assigned content categories. We do not provide reputation data on FTP links, but they may show up as an extracted URL.
  • Embedded Attachments – Any attachments extracted from the email submission. The attachment SHA256, file name (if available), and file size will be displayed. Reputation data available includes file reputation.

Note that each email submission should have an original sender domain and IP address, but may or may not have embedded attachments or embedded URLs.
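To see which observables a message would yield before submitting it, the four types above can be pulled from a raw message locally. This is an added example, not Cisco's extraction code; the function names, the output field names, and the choice of the From header and the earliest Received hop as the "original sender" are assumptions.

```python
import hashlib, ipaddress, re
from email import message_from_bytes, policy
from email.utils import parseaddr
# Constructed sample message (not from the page); hosts and IPs are documentation values.
SAMPLE_EML = b"""\
Received: from mx.recipient.example ([198.51.100.7]) by inbox.recipient.example; Tue, 2 Jan 2024 10:00:05 +0000
Received: from mail.sender.example ([203.0.113.25]) by mx.recipient.example; Tue, 2 Jan 2024 10:00:01 +0000
From: Billing <billing@sender.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

See https://portal.sender.example/invoice?id=1 or ftp://files.sender.example/inv.zip.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.bin"
Content-Transfer-Encoding: base64

aGVsbG8=
--b1--
"""
URL_RE = re.compile(r"(?:https?|ftp)://[^\s<>\"']+", re.I)
IP_RE = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

# Assumptions: sender IP = earliest Received hop (listed last); sender domain = From address.
def original_sender_ip(msg):
    for hop in reversed(msg.get_all("Received", [])):
        for candidate in IP_RE.findall(str(hop)):
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP literal
    return None

def extract_observables(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    urls, attachments = {}, []  # urls maps URL -> reputation data available (False for FTP)
    for part in msg.walk():
        if part.is_attachment():
            data = part.get_payload(decode=True) or b""
            attachments.append({"sha256": hashlib.sha256(data).hexdigest(),
                                "file_name": part.get_filename(), "size": len(data)})
        elif part.get_content_maintype() == "text":
            for url in URL_RE.findall(part.get_content()):
                urls.setdefault(url.rstrip(".,;:!?)"), not url.lower().startswith("ftp://"))
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    return {"sender_domain": domain or None, "sender_ip": original_sender_ip(msg),
            "urls": urls, "attachments": attachments}
```

A message with no attachments or URLs returns empty collections for those keys, matching the note above that only the sender domain and IP are expected on every submission.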

Users can preview observables on the Email Submission page by:

  1. Expanding an individual submission row
  2. Clicking the bulk expand button, which will open either the first 50 or next available 50 submission rows

Each nested information row will show a maximum of 5 observables of embedded URLs and embedded attachments. If an email submission has more observables, a user can click ‘Go to Email Submission Detail Page’ to see the full list of extracted observables.

Users can look up further reputation details of a single observable by selecting the desired observable and clicking the ‘Reputation Center’ button above the appropriate table.

Users can also investigate multiple observables at once using SecureX, a dashboard, free to Cisco customers, that combines reputation data from the full suite of Cisco Secure products based on the customer’s Cisco product portfolio. Customers can select up to 20 observables from a single submission at a time to investigate in SecureX using the ‘Investigate observables in SecureX’ button.

Users can file a single Reputation Dispute (web, email, or file), or apply disputes in bulk for one or more of each type of observable on a submission. URLs and domains can also have Content Categorization Disputes filed against them.