Cisco Cisco Web Security Appliance S670 User Guide

Information about File Analysis, including analysis results and whether or not a file was sent for 
analysis, are available only in the File Analysis report. 

Additional information about an analyzed file may be available from the cloud. To view any 
available File Analysis information for a file, select Reporting > File Analysis and enter the 
SHA-256 to search for the file, or click the SHA-256 link in Web Tracking details. If the File 
Analysis service has analyzed the file from any source, you can see the details. Results are displayed 
only for files that have been analyzed. 

If the appliance processed a subsequent instance of a file that was sent for analysis, those instances 
will appear in Web Tracking search results. 

View the AMP Verdict Updates report. 

Click the relevant SHA-256 link to view web tracking data for all transactions involving that file that 
end users were allowed to access. 

Using the tracking data, identify the users that may have been compromised, as well as information such 
as the file names involved in the breach and the web site from which the file was downloaded. 

Check the File Analysis report to see if this SHA-256 was sent for analysis, to understand the threat 
behavior of the file in more detail. 

 

In logs: 

AMP

 and 

amp

 refer to the file reputation service or engine.

Retrospective

 refers to verdict updates. 

VRT

 and 

sandboxing 

refer to the file analysis service.