Cisco Cisco Web Security Appliance S670 User Guide

Monitor > Clients > Client Malware Risk page — This page shows the Client 
Malware Risk report, which includes the following information:

Web Proxy top clients by malware risk (number of transactions)

L4 Traffic Monitor top clients by malware risk (number of connections)

The client details at the bottom of the page display the same data as the 
graphs, but for all clients and in table format. In addition, the All tab for Web 
Proxy transactions provides information about the bandwidth that was saved 
by blocking, and it shows how many monitored and blocked malware 
transactions were detected at request time or detected at response time.

The user ID’s and client IP addresses are interactive and link to a Client Detail 
page that provides detailed information respective to each client.

Client Detail page — This page shows all the web activity and malware risk 
data for a particular client during the specified time range. It includes the 
following information:

Completed and blocked web transactions

Web Proxy monitored and blocked malware transactions

L4 Traffic Monitor malware connections

URL categories matched

Malware threats detected

Suspect user agents detected

The client reports sometimes show a user with an asterisk (*) at the end of the user 
name. For example, the Client Web Activity report might show an entry for both 
“jsmith” and “jsmith*”. User names listed with an asterisk (*) indicate the user 
name provided by the user, but not confirmed by the authentication server. This 
happens when the authentication server was not available at the time and the 
appliance is configured to permit traffic when authentication service is 
unavailable.

Use the following pages to monitor high-risk web sites accessed during a specific 
time range: