/mcpC H A P T E R 37 Malicious Call Identification • Malicious Call Identification Overview, on page 483 • Malicious Call Identification Prerequisites, on page 483 • Malicious Call Identification Configuration Task Flow, on page 484 • Malicious Call Identification Interactions, on page 490 • Malicious Call Identification Restrictions, on page 491 • Malicious Call ID Troubleshooting, on page 492 Malicious Call Identification Overview You can configure the Malicious Call Identification (MCID) feature to track troublesome or threatening calls. Users can report these calls by requesting that Cisco Unified Communications Manager identify and register the source of the incoming call in the network. When the MCID feature is configured, the following actions take place: 1. The user receives a threatening call and presses Malicious call (or enters the feature code *39 if using a POTS phone that is connected to an SCCP gateway). 2. Cisco Unified Communications Manager sends the user a confirmation tone and a text message, if the phone has a display, to acknowledge receiving the MCID notification. 3. Cisco Unified Communications Manager updates the call details record (CDR) for the call with an indication that the call is registered as a malicious call. 4. Cisco Unified Communications Manager generates the alarm and local syslogs entry that contains the event information. 5. Cisco Unified Communications Manager sends an MCID invocation through the facility message to the connected network. The facility information element (IE) encodes the MCID invocation. 6. After receiving this notification, the PSTN or other connected network can take actions, such as providing legal authorities with the call information. Malicious Call Identification Prerequisites • Gateways and connections that support MCID: • PRI gateways that use the MGCP PRI backhaul interface for T1 (NI2) and E1 (ETSI) connections • H.323 trunks and gateways Feature Configuration Guide for Cisco Unified Communications Manager, Release 15 and SUs 483