Cisco Cisco Web Security Appliance S680 Guía Del Usuario
23-24
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 23 Web Security Appliance Reports
L4 Traffic Monitor Page
describes the information on the Web Reputation Filters page.
L4 Traffic Monitor Page
The Reporting > L4 Traffic Monitor page is a security-related reporting page that displays information
about malware ports and malware sites that the L4 Traffic Monitor has detected during the specified time
range. It also displays IP addresses of clients that frequently encounter malware sites.
about malware ports and malware sites that the L4 Traffic Monitor has detected during the specified time
range. It also displays IP addresses of clients that frequently encounter malware sites.
The L4 Traffic Monitor listens to network traffic that comes in over all ports on the appliance and
matches domain names and IP addresses against entries in its own database tables to determine whether
to allow incoming and outgoing traffic.
matches domain names and IP addresses against entries in its own database tables to determine whether
to allow incoming and outgoing traffic.
You can use data in this report to determine whether to block a port or a site, or to investigate why a
particular client IP address is connecting unusually frequently to a malware site (for example, this could
be because the computer associated with that IP address is infected with malware that is trying to connect
to a central command and control server.)
particular client IP address is connecting unusually frequently to a malware site (for example, this could
be because the computer associated with that IP address is infected with malware that is trying to connect
to a central command and control server.)
shows the L4 Traffic Monitor page.
Table 23-9
Web Reputation Filters Report Page Components
Section
Description
Time Range (drop-down list)
A menu that allows to choose the time range of the data contained
in the report. For more information, see the
in the report. For more information, see the
.
Web Reputation Actions (Trend)
This section, in graph format, displays the total number of web
reputation actions (vertical) against the time specified (horizontal
timeline). From this you can see potential trends over time for
web reputation actions.
reputation actions (vertical) against the time specified (horizontal
timeline). From this you can see potential trends over time for
web reputation actions.
Web Reputation Actions (Volume)
This section displays the web reputation action volume in
percentages by transactions.
percentages by transactions.
Web Reputation Threat Types by
Blocked Transactions
Blocked Transactions
This section displays the threat types that were blocked due to a
low reputation score.
low reputation score.
Web Reputation Threat Types by
Scanned Further Transactions
Scanned Further Transactions
This section displays the threat types that resulted in a reputation
score that indicated to scan the transaction. It shows both
monitored and blocked transactions.
score that indicated to scan the transaction. It shows both
monitored and blocked transactions.
Web Reputation Actions
(Breakdown by Score)
(Breakdown by Score)
This interactive table displays the web reputation scores broken
down for each action.
down for each action.