Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
5-24
AsyncOS 8.3 for Cisco Content Security Management User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
Tip
To customize your view of this report, see
.
Adjusting Web Reputation Settings
Based on your report results, you may want to adjust the configured web reputation settings, for example
adjust the threshold scores or enable or disable Adaptive Scanning. For specific information about
configuring web reputation settings, see the online help or user guide for your Web Security appliance.
adjust the threshold scores or enable or disable Adaptive Scanning. For specific information about
configuring web reputation settings, see the online help or user guide for your Web Security appliance.
L4 Traffic Monitor Report
The Web > Reporting> L4 Traffic Monitor page displays information about malware ports and
malware sites that the L4 Traffic Monitors on your Web Security appliances have detected during the
specified time range. It also displays IP addresses of clients that frequently encounter malware sites.
malware sites that the L4 Traffic Monitors on your Web Security appliances have detected during the
specified time range. It also displays IP addresses of clients that frequently encounter malware sites.
The L4 Traffic Monitor listens to network traffic that comes in over all ports on each Web Security
appliance and matches domain names and IP addresses against entries in its own database tables to
determine whether to allow incoming and outgoing traffic.
appliance and matches domain names and IP addresses against entries in its own database tables to
determine whether to allow incoming and outgoing traffic.
You can use data in this report to determine whether to block a port or a site, or to investigate why a
particular client IP address is connecting unusually frequently to a malware site (for example, this could
be because the computer associated with that IP address is infected with malware that is trying to connect
to a central command and control server.)
particular client IP address is connecting unusually frequently to a malware site (for example, this could
be because the computer associated with that IP address is infected with malware that is trying to connect
to a central command and control server.)
Tip
To customize your view of this report, see
.
Web Reputation Threat Types by
Scanned Further Transactions
Scanned Further Transactions
If Adaptive Scanning is enabled, this section displays the number
of potentially threatening transactions caught.
of potentially threatening transactions caught.
If Adaptive Scanning is not enabled, this section displays the Web
Reputation type that has been blocked and due to this action,
needs to be scanned further. If the result of Web Reputation
filtering is to ‘Scan Further’, the transaction is passed to the
Anti-Malware tool for additional scanning.
Reputation type that has been blocked and due to this action,
needs to be scanned further. If the result of Web Reputation
filtering is to ‘Scan Further’, the transaction is passed to the
Anti-Malware tool for additional scanning.
Web Reputation Actions
(Breakdown by Score)
(Breakdown by Score)
If Adaptive Scanning is not enabled, this interactive table
displays the Web Reputation scores broken down for each action.
displays the Web Reputation scores broken down for each action.
Table 5-10
Details on the Web > Reporting > Web Reputation Filters Page
Section
Description