Shield Transport Rules

Description

Shield transport rules reside in the Shield organization's Microsoft 365 tenant. All rules are deployed during Step 3 of Shield onboarding except Shield - Send to Bracket. This rule is only created once Preferences are saved to Configure Bracket after an organization has been successfully onboarded.

Corresponding Shield Connectors are detailed here.

Shield - Send to Frontline

Shield - Send to Frontline -- Rule.png

Status

Enabled

Priority

0

Stop processing more rules: ✅ (Yes)

Apply this rule if

A recipient's domain is 'domain.tld'

Do the following

Redirect the message to the following connector 'Shield - Send to Frontline'

And

Modify the message properties set a message header

Set the message header 'X-Frontline-API' to the value '"extract_origin": "true"}'

Except if

The sender IP address is any of these these ranges or exactly matches

Sender's IP address is in the range
  • 3.133.222.181
  • 18.189.152.83
  • 3.13.18.50
  • 3.21.178.168
  • 3.135.43.190
  • 13.58.249.20
  • 3.128.208.182
  • 3.129.146.181
Or
The sender is external/external
The sender is located 'InOrganization'

Shield - Send to Junk

Shield - Send to Junk -- Rule.png Status

Enabled

Priority

1

Stop processing more rules: ❌ (No)

Apply this rule if

The sender IP address is any of these these ranges or exactly matches

Sender's IP address is in the range
  • 3.133.222.181
  • 18.189.152.83
  • 3.13.18.50
  • 3.21.178.168
  • 3.135.43.190
  • 13.58.249.20
  • 3.128.208.182
  • 3.129.146.181
And
The recipient domain is 'domain.tld'
And
The message headers... matches these text patterns
'X-Shield-API' message header matches {"action": "junk"}
Do the following
Modify the message properties set the spam confidence
Set the spam confidence level (SCL) to '6'

Shield - Bypass Spam Filtering

Shield - Bypass Spam Filtering -- Rule.png

Enabled

Priority

2

Stop processing more rules: ❌ (No)

Apply this rule if

The sender IP address is any of these these ranges or exactly matches

Sender's IP address is in the range
  • 3.133.222.181
  • 18.189.152.83
  • 3.13.18.50
  • 3.21.178.168
  • 3.135.43.190
  • 13.58.249.20
  • 3.128.208.182
  • 3.129.146.181

Do the following

Modify the message properties... Set the spam confidence level to Bypass Spam Filtering

Set the spam confidence level (SCL) to '-1'

Shield - Send to Outpost

Shield - Send to Outpost -- Rule.png

Status

Enabled

Priority

3

Stop processing more rules: ✅ (Yes)

Apply this rule if

The recipient is external/internal

The recipient is located 'NotInOrganization'

And

The sender domain is

The sender's domain is 'domain.tld'

And

The sender is external/internal

The sender is located 'InOrganization'

Do the following

Redirect the message to the following connector

route the message using the following connector 'Shield - Send to Outpost'

 

Shield - Send to Bracket

Bracket Trigger Rule -- Rule.png

Status

Enabled

Priority

4

Stop processing more rules: ✅ (Yes)

Apply this rule if

The recipient is external/external

The recipient is located 'NotInOrganization'

And

The sender domain is

The sender's domain is 'domain.tld' (replace with Shield domain[s] for the tenant)

And

The subject or body subject matches these text patterns

The subject matches these text patterns: Encrypt.Bracket.Email

And

The sender is external/external

The sender is located 'InOrganization'

Do the following

Redirect the message to the following connector

route the message using the following connector 'Shield - Send to Bracket'

Getting Help

If you need assistance, please contact the Partner Success team.

 

Related to

Updated

Was this article helpful?

0 out of 0 found this helpful