Cisco Cisco Web Security Appliance S160 Guía Del Usuario
Chapter 22 Monitoring
Anti-Malware Page
22-8
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
•
Monitor > Web Site Activity page — This page shows the Web Site Activity
report, which includes the following information:
report, which includes the following information:
–
Top five sites by high-risk transactions detected. A high-risk transaction
is any monitored or blocked transaction.
is any monitored or blocked transaction.
–
Top five sites by malware transactions detected.
The site details section at the bottom of the page lists all of the sites with
high-risk transactions. You can use column headings to sort the data and each
URL links to the Web Site Detail page.
high-risk transactions. You can use column headings to sort the data and each
URL links to the Web Site Detail page.
•
Web Site Detail page — This page shows the high-risk transactions for the
site in a trend graph that uses a different color for each type of high-risk
transaction.
site in a trend graph that uses a different color for each type of high-risk
transaction.
The Summary tab shows the same information as the trend graph, but in table
format. It shows the transactions blocked by URL filtering, transactions
blocked by Web Reputation Filters, transactions detected by Anti-Malware
scanning, other blocked transactions, total high-risk transactions, and URL
categories of the site. The All tab displays bandwidth saved by blocking and
includes detail about transactions detected by Anti-Malware scanning.
format. It shows the transactions blocked by URL filtering, transactions
blocked by Web Reputation Filters, transactions detected by Anti-Malware
scanning, other blocked transactions, total high-risk transactions, and URL
categories of the site. The All tab displays bandwidth saved by blocking and
includes detail about transactions detected by Anti-Malware scanning.
The Other Blocked Transactions column displays transactions blocked by a
policy rule. This data includes the following conditions:
policy rule. This data includes the following conditions:
–
File size over limit
–
File type not allowed
–
User agent not allowed
–
Protocol not allowed
–
Authentication denied
–
Attempted HTTP tunneling (CONNECT) on disabled port
User agents blocked by a policy configuration are recorded as “other blocked
transactions.” Suspect user agents detected by the Anti-Malware DVS engine
are recorded as blocked by Anti-Malware scanning.
transactions.” Suspect user agents detected by the Anti-Malware DVS engine
are recorded as blocked by Anti-Malware scanning.
Anti-Malware Page
Use the following pages to monitor malware detected by the Anti-Malware DVS
engine:
engine: