Configure Correlated Intelligence scanning criteria in Cloud Email Gateway Protection to detect security risks and anomalies using predefined and custom correlation rules.

Correlated Intelligence correlates suspicious signals from Virus Scan and Spam Filtering to detect security risks and anomalies that may go unnoticed by a single security filter.
Agentic AI-powered detection adds another layer of intelligence to Correlated Intelligence. Agentic AI uses correlation rules together with AI-driven analysis to detect security risks including phishing and spam more effectively.
Note
  • Agentic AI-powered detection is in private preview. If you want to access this feature before it enters public preview or is officially released, contact your sales representative.
  • Correlated Intelligence is available for Inbound Protection only.
To view and manage predefined and custom correlation rules and detection signals, go to Administration > Policy Objects > Correlation Rules and Detection Signals. For details, see Manage correlation rules and detection signals.

Procedure

  1. Click Scanning Criteria.
  2. Select Enhance with Agentic AI detection to enable the Agentic AI-powered detection model for detecting spam and phishing emails.
    Note
    Currently, Agentic AI-powered detection applies to security risks only.
  3. Configure security risk detection settings.
    Security risks are high-confidence detections by Correlated Intelligence. Security risks are usually sophisticated attacks that are difficult to detect with a single protection layer.
    1. Select the Phishing and/or Spam check box to enable phishing or spam detection by Correlated Intelligence.
    2. Optionally, select the check box to submit suspicious files to Virtual Analyzer for further observation and analysis.
      Virtual Analyzer performs observation and analysis on samples in a closed environment. Analysis takes 3 minutes on average to identify the risk of a file, and can take up to 30 minutes for some files.
      Actions configured for Virtual Analyzer scan exception and Virtual Analyzer submission quota exception under Virus Scan also apply to Correlated Intelligence policy.
  4. Configure anomaly detection settings.
    Important
    Anomaly detections may not always indicate malicious activity. We recommend initially setting actions to Tag subject or Insert stamp in body to monitor outcomes before applying stronger actions.
    1. Select Pre-defined anomalies to detect TrendAI™ specified anomalies using predefined correlation rules.
      Choose All pre-defined rules to enforce all existing and future rules, or Specified pre-defined rules to select individual rules. Predefined rules are classified into three aggressive levels: Moderate, Aggressive, and Extra aggressive. For details, see Manage correlation rules and detection signals.
    2. Optionally, select Custom Correlated Intelligence to enable anomaly detection using custom correlation rules you have created for your environment.
  5. Click Submit.
    Ensure the policy rule has the appropriate priority in your policy list. Correlated Intelligence policy rules are evaluated in order from top to bottom.

Next steps

To verify Agentic AI detections, go to policy event logs and search by threat name. The following threat names indicate Agentic AI detections:
  • SPAM.AI.CS — spam detected by Agentic AI
  • PHISHING.AI.CS — phishing detected by Agentic AI
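
The script below is an added example, not part of the product documentation. It shows one way to review Agentic AI detections offline by counting the two threat names above per action in an exported policy event log. The CSV column names (`threat_name`, `action`) and the sample rows are assumptions constructed for this example; adjust them to match your actual export.

```python
import csv
import io
from collections import Counter

# Threat names this page lists as Agentic AI detections.
AGENTIC_AI_THREATS = {"SPAM.AI.CS": "spam", "PHISHING.AI.CS": "phishing"}

# Constructed sample export. Column names and all rows are assumptions made
# for this example; "EXAMPLE.OTHER" is a placeholder, not a real threat name.
SAMPLE_EXPORT = """timestamp,recipient,threat_name,action
2025-01-10T08:01:00Z,u1@example.com,PHISHING.AI.CS,Quarantine
2025-01-10T08:05:00Z,u2@example.com,SPAM.AI.CS,Tag subject
2025-01-10T08:09:00Z,u1@example.com, phishing.ai.cs ,Quarantine
2025-01-10T08:12:00Z,u3@example.com,EXAMPLE.OTHER,Quarantine
2025-01-10T08:15:00Z,u4@example.com,,Tag subject
"""


def summarize_agentic_detections(csv_text, threat_col="threat_name",
                                 action_col="action"):
    """Count Agentic AI detections per (category, action) in an exported log.

    Returns (counts, other), where other is the number of rows whose threat
    name is not one of the two Agentic AI names.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = {threat_col, action_col} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export lacks expected columns: {sorted(missing)}")
    counts, other = Counter(), 0
    for row in reader:
        # Tolerate case and whitespace differences introduced by an export.
        name = (row.get(threat_col) or "").strip().upper()
        category = AGENTIC_AI_THREATS.get(name)
        if category is None:
            other += 1
            continue
        counts[(category, (row.get(action_col) or "").strip())] += 1
    return counts, other


if __name__ == "__main__":
    counts, other = summarize_agentic_detections(SAMPLE_EXPORT)
    for (category, action), n in sorted(counts.items()):
        print(f"{category:9} {action:12} {n}")
    print(f"rows without an Agentic AI threat name: {other}")
```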