Cisco Cisco Web Security Appliance S170 Guía Del Usuario
13-11
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 13 File Reputation Filtering and File Analysis
Troubleshooting File Reputation and Analysis
Step 2
Click the relevant SHA-256 link to view web tracking data for all transactions involving that file that
end users were allowed to access.
end users were allowed to access.
Step 3
Using the tracking data, identify the users that may have been compromised, as well as information such
as the file names involved in the breach and the web site from which the file was downloaded.
as the file names involved in the breach and the web site from which the file was downloaded.
Step 4
Check the File Analysis report to see if this SHA-256 was sent for analysis, to understand the threat
behavior of the file in more detail.
behavior of the file in more detail.
Related Topics
•
Troubleshooting File Reputation and Analysis
•
•
Log Files
In logs:
•
AMP
and
amp
refer to the file reputation service or engine.
•
Retrospective
refers to verdict updates.
•
VRT
and
sandboxing
refer to the file analysis service.
Advanced Malware Protection information is logged in Access Logs or in AMP Engine Logs. For more
information, see the chapter on monitoring system activity through logs.
information, see the chapter on monitoring system activity through logs.
Several Alerts About Failure to Connect to File Reputation or File Analysis
Servers
Problem
You receive several alerts about failures to connect to the file reputation or analysis services in
the cloud. (A single alert may indicate only a transient issue.)
Solution
•
Ensure that you have met the requirements in
.
•
Check for network issues that may prevent the appliance from communicating with the cloud
services.
services.
•
Increase the Query Timeout value:
Select Security Services > Anti-Malware and Reputation . The Query Timeout value is in the
Advanced settings area of the Advanced Malware Protection Services section.
Advanced settings area of the Advanced Malware Protection Services section.