Cisco Cisco Web Security Appliance S360 Data Sheet
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 3
Data Sheet
Cisco Advanced Web Security Reporting
Introduction
Cisco
®
Advanced Web Security Reporting Application is a reporting solution that rapidly indexes and analyzes logs
produced by Cisco Web Security Appliances (WSA) and Cisco Cloud Web Security (CWS). This tool provides
scalable reporting for customers with high traffic and storage needs. It allows reporting administrators to gather
detailed insight into web usage and malware threats.
Directory-Group-Based Reporting
With Advanced Web Security Reporting Application, administrators can generate reports based on a group or user
ID, as defined within a central authentication server such as Active Directory. Reports can be created easily along
functional or geographical boundaries that have been defined by the authentication groups. Roles can be created
to allow managers to view reports only for a defined set of directory groups (such as the groups that they manage),
protecting the privacy of individuals who are not within those groups.
Detailed Layer 4 Traffic Monitor Visibility
Administrators can run reports on activities on nonweb ports. These Layer 4 Traffic Monitor (L4TM) reports connect
hosts associated with particular ports and users, and they can be used to identify malicious behavior on
nonstandard ports - behavior that would evade many traditional web-security solutions.
SOCKS Reporting
For customers using Socket Secure (SOCKS) proxy settings, administrators get information about SOCKS traffic.
Historical Data Import
Historical logs can be imported during forensic investigations. Logs from any time period can be imported into the
reporting tool for analysis, allowing human resources and legal personnel to conduct forensic investigations
spanning several years. Administrators can focus on a specific user’s web activity, if needed.
spanning several years. Administrators can focus on a specific user’s web activity, if needed.
Advanced Malware Protection Reporting
Featuring file reputation scoring and blocking, static and dynamic file analysis (sandboxing), and file retrospection
for the continuous analysis of threats, even after they have traversed the WSA and CWS. This reporting application
consolidates data provided by the Cisco Advanced Malware Protection solution that produces a single pane of
glass for even richer analysis for administrators to gather more detailed insight into web usage and malware
threats.
Who Should Use Web Reporting?
Built-in reporting capabilities on Cisco Web Security and Security Management Appliances fulfill the reporting
needs of most Cisco customers. Advanced Web Security Reporting is an alternative reporting solution for
customers who need extended storage for high transaction volumes or directory-group-based reporting. It also
serves as a “single pane of glass” for customers who have deployed a hybrid web security solution. The Cisco Web
serves as a “single pane of glass” for customers who have deployed a hybrid web security solution. The Cisco Web
Reporting report format is identical to reports already available on Cisco S-Series and M-Series appliances.