Cisco Content Security Management Appliance M690 User Guide
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
If you have added your management appliance to the group, you can view the list of managed appliances
in the group by clicking the button on the Management Appliance > Centralized Services > Security
Appliances page.
Appliances in the analysis group are identified by the File Analysis Client ID. To determine this
identifier for a particular appliance, look in the following location:
| Appliance | Location of File Analysis Client ID |
|---|---|
| Email Security appliance | Advanced Settings for File Analysis section on the Security Services > File Reputation and Analysis page. |
| Web Security appliance | Advanced Settings for File Analysis section on the Security Services > Anti-Malware and Reputation page. |
| Cisco Content Security Management appliance | At the bottom of the Management Appliance > Centralized Services > Security Appliances page. |
Client Malware Risk Report
The Web > Reporting > Client Malware Risk page is a security-related reporting page that can be used
to monitor client malware risk activity.
From the Client Malware Risk page, a system administrator can see which of their users are encountering
the most blocks or warnings. Given the information gathered from this page, the administrator can click
on the user link to view what this user is doing on the web that makes them run into so many blocks or
warnings and set off more detections than the rest of the users on the network.
Additionally, the Client Malware Risk page lists client IP addresses involved in frequent malware
connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to
malware sites may be infected with malware that is trying to connect to a central command and control
server, and should be disinfected.
Table 5-9 describes the information on the Client Malware Risk page.
Table 5-9 Client Malware Risk Report Page Components
| Section | Description |
|---|---|
| Time Range (drop-down list) | A menu that allows you to choose the time range of the data contained in the report. For more information, see |
| Web Proxy: Top Clients Monitored or Blocked | This chart displays the top ten users that have encountered a malware risk. |
| L4 Traffic Monitor: Malware Connections Detected | This chart displays the IP addresses of the ten computers in your organization that most frequently connect to malware sites. This chart is the same as the “Top Client IPs” chart on the information and chart options. |