Cisco Cisco Web Security Appliance S190 Guía Del Usuario
22-7
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 22 Monitoring
Web Site Activity Page
•
Monitor > Clients > Client Malware Risk page — This page shows the Client
Malware Risk report, which includes the following information:
Malware Risk report, which includes the following information:
–
Web Proxy top clients by malware risk (number of transactions)
–
L4 Traffic Monitor top clients by malware risk (number of connections)
The client details at the bottom of the page display the same data as the
graphs, but for all clients and in table format. In addition, the All tab for Web
Proxy transactions provides information about the bandwidth that was saved
by blocking, and it shows how many monitored and blocked malware
transactions were detected at request time or detected at response time.
graphs, but for all clients and in table format. In addition, the All tab for Web
Proxy transactions provides information about the bandwidth that was saved
by blocking, and it shows how many monitored and blocked malware
transactions were detected at request time or detected at response time.
The user ID’s and client IP addresses are interactive and link to a Client Detail
page that provides detailed information respective to each client.
page that provides detailed information respective to each client.
•
Client Detail page — This page shows all the web activity and malware risk
data for a particular client during the specified time range. It includes the
following information:
data for a particular client during the specified time range. It includes the
following information:
–
Completed and blocked web transactions
–
Web Proxy monitored and blocked malware transactions
–
L4 Traffic Monitor malware connections
–
URL categories matched
–
Malware threats detected
–
Suspect user agents detected
Note
The client reports sometimes show a user with an asterisk (*) at the end of the user
name. For example, the Client Web Activity report might show an entry for both
“jsmith” and “jsmith*”. User names listed with an asterisk (*) indicate the user
name provided by the user, but not confirmed by the authentication server. This
happens when the authentication server was not available at the time and the
appliance is configured to permit traffic when authentication service is
unavailable.
name. For example, the Client Web Activity report might show an entry for both
“jsmith” and “jsmith*”. User names listed with an asterisk (*) indicate the user
name provided by the user, but not confirmed by the authentication server. This
happens when the authentication server was not available at the time and the
appliance is configured to permit traffic when authentication service is
unavailable.
Web Site Activity Page
Use the following pages to monitor high-risk web sites accessed during a specific
time range:
time range: