Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
5-24
AsyncOS 9.0 for Cisco Content Security Management Appliances User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
Viewing File Reputation Filtering Data in Other Reports
Data for file reputation and analysis is available in other reports where relevant. A "Blocked by
Advanced Malware Protection" column may be hidden by default in applicable reports. To display
additional columns, click the Columns link below the table.
Advanced Malware Protection" column may be hidden by default in applicable reports. To display
additional columns, click the Columns link below the table.
The Report by User Location includes an Advanced Malware Protection tab.
Client Malware Risk Report
The Web > Reporting > Client Malware Risk page is a security-related reporting page that can be used
to monitor client malware risk activity.
to monitor client malware risk activity.
From the Client Malware Risk page, a system administrator can see which of their users are encountering
the most blocks or warnings. Given the information gathered from this page, the administrator can click
on the user link to view what this user doing on the web that makes them run into so many blocks or
warnings and setting off more detections than the rest of the users on the network.
the most blocks or warnings. Given the information gathered from this page, the administrator can click
on the user link to view what this user doing on the web that makes them run into so many blocks or
warnings and setting off more detections than the rest of the users on the network.
Additionally, the Client Malware Risk page lists client IP addresses involved in frequent malware
connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to
malware sites may be infected with malware that is trying to connect to a central command and control
server and should be disinfected.
connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to
malware sites may be infected with malware that is trying to connect to a central command and control
server and should be disinfected.
describes the information on the Client Malware Risk page.
Table 5-9
Client Malware Risk Report Page Components
Section
Description
Time Range (drop-down list)
A menu that allows you to choose the time range of the data
contained in the report. For more information, see
contained in the report. For more information, see
Web Proxy: Top Clients Monitored or
Blocked
Blocked
This chart displays the top ten users that have encountered a
malware risk.
malware risk.
L4 Traffic Monitor: Malware
Connections Detected
Connections Detected
This chart displays the IP addresses of the ten computers in your
organization that most frequently connect to malware sites.
organization that most frequently connect to malware sites.
This chart is the same as the “Top Client IPs” chart on the
information and chart options.