Cisco Content Security Management Appliance M1070 User Guide
AsyncOS 9.1 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
Viewing File Reputation Filtering Data in Other Reports
Data for file reputation and analysis is available in other reports where relevant. A Detected by Advanced
Malware Protection column may be hidden by default in applicable reports. To display additional
columns, click the Columns link at the bottom of the table.
TLS Connections Page
The Email > Reporting > TLS Connections page shows the overall usage of TLS connections for sent
and received mail. The report also shows details for each domain sending mail using TLS connections.
The TLS Connections page can be used to determine the following information:
• Overall, what portion of incoming and outgoing connections uses TLS?
• Which partners do I have successful TLS connections with?
• Which partners do I have unsuccessful TLS connections with?
• Which partners have issues with their TLS certificates?
• What percentage of overall mail with a partner uses TLS?
Report: File Analysis
Description:
Displays the time and verdict (or interim verdict) for each file sent for analysis.
To view more than 1000 File Analysis results, export the data as a .csv file.
Drill down to view detailed analysis results, including the threat characteristics for each file.
You can also search the cloud service for additional information about an SHA. The link is on the result details page.
To view File Analysis details, see
If a file extracted from a compressed or archived file is sent for analysis, only the SHA value of the extracted file is included in the File Analysis report.

Report: AMP Verdict Updates
Description:
Because Advanced Malware Protection is focused on targeted and zero-day threats, threat verdicts can change as aggregated data provides more information.
The AMP Verdict Updates report lists the files processed by this appliance for which the verdict has changed since the message was received. For more information about this situation, see the documentation for your Email Security appliance.
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report shows only the latest verdict, not the verdict history.
To view all affected messages for a particular SHA-256 within the maximum available time range (regardless of the time range selected for the report) click a SHA-256 link.
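Because the AMP Verdict Updates report shows only the latest verdict for each SHA-256, a verdict history has to be kept outside the appliance, for example by merging successive .csv exports. The Python below is an added example, not Cisco code: the column names (sha256, verdict, verdict_time), the verdict labels and the sample rows are constructed assumptions, so map them to the header row of your own export.

```python
import csv
import io

# Constructed placeholder hashes and export contents (not real appliance output).
SHA_A = "a" * 64
SHA_B = "b" * 64
HEADER = "sha256,verdict,verdict_time\n"  # assumed column names
EXPORT_1 = HEADER + f"{SHA_A},Malicious,2015-06-01T08:00:00\n{SHA_B},Clean,2015-06-01T09:30:00\n"
# A later export: SHA_A changed again, SHA_B is still listed with the same row.
EXPORT_2 = HEADER + f"{SHA_A},Clean,2015-06-03T10:00:00\n{SHA_B},Clean,2015-06-01T09:30:00\n"


def build_history(exports):
    """Merge any number of exports into {sha256: [(time, verdict), ...]}.

    Rows are de-duplicated, ordered by timestamp (ISO 8601 strings sort
    chronologically), and consecutive identical verdicts are collapsed, so the
    result does not depend on the order in which the exports are supplied.
    """
    seen = {}
    for text in exports:
        for row in csv.DictReader(io.StringIO(text)):
            sha = row["sha256"].strip().lower()
            event = (row["verdict_time"].strip(), row["verdict"].strip())
            seen.setdefault(sha, set()).add(event)
    history = {}
    for sha, events in seen.items():
        timeline = []
        for when, verdict in sorted(events):
            if not timeline or timeline[-1][1] != verdict:
                timeline.append((when, verdict))
        history[sha] = timeline
    return history


def changed_more_than_once(history):
    """SHA-256 values with more than one recorded verdict across the exports."""
    return sorted(sha for sha, timeline in history.items() if len(timeline) > 1)


HISTORY = build_history([EXPORT_1, EXPORT_2])

if __name__ == "__main__":
    for sha in changed_more_than_once(HISTORY):
        print(sha, " -> ".join(f"{v} ({t})" for t, v in HISTORY[sha]))
```

Run it on every scheduled export and persist the merged history, since an export taken after a second verdict change no longer contains the first one.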