Cisco Cisco Web Security Appliance S390 Betriebsanweisung
18-7
AsyncOS 8.1 for Cisco Web Security User Guide
Chapter 18 Web Security Appliance Reports
Web Reputation Filters Page
Web Reputation Filters Page
The Reporting > Web Reputation Filters page is a security-related reporting page that allows you to
view the results of your set Web Reputation Filters for transactions during a specified time range.
view the results of your set Web Reputation Filters for transactions during a specified time range.
L4 Traffic Monitor Page
The Reporting > L4 Traffic Monitor page is a security-related reporting page that displays information
about malware ports and malware sites that the L4 Traffic Monitor has detected during the specified time
range. It also displays IP addresses of clients that frequently encounter malware sites.
about malware ports and malware sites that the L4 Traffic Monitor has detected during the specified time
range. It also displays IP addresses of clients that frequently encounter malware sites.
The L4 Traffic Monitor listens to network traffic that comes in over all ports on the appliance and
matches domain names and IP addresses against entries in its own database tables to determine whether
to allow incoming and outgoing traffic.
matches domain names and IP addresses against entries in its own database tables to determine whether
to allow incoming and outgoing traffic.
Section
Description
Time Range (drop-down list)
A menu that allows to choose the time range of the data contained
in the report.
in the report.
Web Reputation Actions (Trend)
Displays the total number of web reputation actions (vertical)
against the time specified (horizontal timeline).
against the time specified (horizontal timeline).
Web Reputation Actions (Volume) Displays the web reputation action volume in percentages by
transactions.
Web Reputation Threat Types by
Blocked Transactions
Blocked Transactions
Displays the threat types that were blocked due to a low
reputation score.
reputation score.
Web Reputation Threat Types by
Scanned Further Transactions
Scanned Further Transactions
Displays the threat types that resulted in a reputation score that
indicated to scan the transaction.
indicated to scan the transaction.
Web Reputation Actions
(Breakdown by Score)
(Breakdown by Score)
Displays the web reputation scores broken down for each action.
Section
Description
Time Range (drop-down list)
A menu that allows you to choose a time range on which to report.
Top Client IPs
Displays, in graph format, the IP addresses of computers in your
organization that most frequently connect to malware sites.
organization that most frequently connect to malware sites.
Top Malware Sites
Displays, in graph format, the top malware domains detected by
the L4 Traffic Monitor.
the L4 Traffic Monitor.
Client Source IPs
Displays the IP addresses of computers in your organization that
frequently connect to malware sites.
frequently connect to malware sites.
Malware Ports
Displays the ports on which the L4 Traffic Monitor has most
frequently detected malware.
frequently detected malware.
Malware Sites Detected
Displays the domains on which the L4 Traffic Monitor most
frequently detects malware.
frequently detects malware.