Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
4-30
AsyncOS 8.3 for Cisco Content Security Management User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
affected your appliance. Local outbreak data does not include non-viral threats. Global outbreak data
represents all outbreaks detected by the Threat Operations Center which exceeded the currently
configured threshold for the outbreak quarantine. Local outbreak data represents all virus outbreaks
detected on this appliance which exceeded the currently configured threshold for the outbreak
quarantine. The Total Local Protection Time is always based on the difference between when each virus
outbreak was detected by the Threat Operations Center and the release of an anti-virus signature by a
major vendor. Note that not every global outbreak affects your appliance. A value of “--” indicates either
a protection time does not exist, or the signature times were not available from the anti-virus vendors
(some vendors may not report signature times). This does not indicate a protection time of zero, rather
it means that the information required to calculate the protection time is not available.
represents all outbreaks detected by the Threat Operations Center which exceeded the currently
configured threshold for the outbreak quarantine. Local outbreak data represents all virus outbreaks
detected on this appliance which exceeded the currently configured threshold for the outbreak
quarantine. The Total Local Protection Time is always based on the difference between when each virus
outbreak was detected by the Threat Operations Center and the release of an anti-virus signature by a
major vendor. Note that not every global outbreak affects your appliance. A value of “--” indicates either
a protection time does not exist, or the signature times were not available from the anti-virus vendors
(some vendors may not report signature times). This does not indicate a protection time of zero, rather
it means that the information required to calculate the protection time is not available.
The Quarantined Messages section summarizes Outbreak Filters quarantining, and is a useful gauge of
how many potential threat messages Outbreak Filters are catching. Quarantined messages are counted at
time of release. Typically, messages will be quarantined before anti-virus and anti-spam rules are
available. When released, they will be scanned by the anti-virus and anti-spam software and determined
to be positive or clean. Because of the dynamic nature of Outbreak tracking, the rule under which a
message is quarantined (and even the associated outbreak) may change while the message is in the
quarantine. Counting the messages at the time of release (rather than the time of entry into the
quarantine) avoids the confusion of having counts that increase and decrease.
how many potential threat messages Outbreak Filters are catching. Quarantined messages are counted at
time of release. Typically, messages will be quarantined before anti-virus and anti-spam rules are
available. When released, they will be scanned by the anti-virus and anti-spam software and determined
to be positive or clean. Because of the dynamic nature of Outbreak tracking, the rule under which a
message is quarantined (and even the associated outbreak) may change while the message is in the
quarantine. Counting the messages at the time of release (rather than the time of entry into the
quarantine) avoids the confusion of having counts that increase and decrease.
The Threat Details listing displays information about specific outbreaks, including the threat category
(virus, scam, or phishing), threat name, a description of the threat, and the number of messages
identified. For virus outbreaks, the Past Year Virus Outbreaks include the Outbreak name and ID, time
and date a virus outbreak was first seen globally, the protection time provided by Outbreak filters, and
the number of quarantined messages. You can choose whether to view global or local outbreaks.
(virus, scam, or phishing), threat name, a description of the threat, and the number of messages
identified. For virus outbreaks, the Past Year Virus Outbreaks include the Outbreak name and ID, time
and date a virus outbreak was first seen globally, the protection time provided by Outbreak filters, and
the number of quarantined messages. You can choose whether to view global or local outbreaks.
The First Seen Globally time is determined by the Threat Operations Center, based on data from the
SenderBase, the world’s largest email and web traffic monitoring network. The Protection Time is based
on the difference between when each threat was detected by the Threat Operations Center and the release
of an anti-virus signature by a major vendor.
SenderBase, the world’s largest email and web traffic monitoring network. The Protection Time is based
on the difference between when each threat was detected by the Threat Operations Center and the release
of an anti-virus signature by a major vendor.
A value of “--” indicates either a protection time does not exist, or the signature times were not available
from the anti-virus vendors (some vendors may not report signature times). This does not indicate a
protection time of zero. Rather, it means that the information required to calculate the protection time is
not available.
from the anti-virus vendors (some vendors may not report signature times). This does not indicate a
protection time of zero. Rather, it means that the information required to calculate the protection time is
not available.
Other modules on this page provide:
•
The number of incoming messages processed by Outbreak Filters in the selected time period.
Non-viral threats include phishing emails, scams, and malware distribution using links to an external
website.
website.
•
Severity of threats caught by Outbreak Filters.
Level 5 threats are severe in scope or impact, while Level 1 represents low threat risk. For
descriptions of threat levels, see the online help or user guide for your Email Security appliance.
descriptions of threat levels, see the online help or user guide for your Email Security appliance.
•
Length of time messages spent in the Outbreak Quarantine.
This duration is determined by the time it takes the system to compile enough data about the
potential threat to make a verdict on its safety. Messages with viral threats typically spend more time
in the quarantine than those with non-viral threats, because they must wait for anti-virus program
updates. The maximum retention time that you specify for each mail policy is also reflected.
potential threat to make a verdict on its safety. Messages with viral threats typically spend more time
in the quarantine than those with non-viral threats, because they must wait for anti-virus program
updates. The maximum retention time that you specify for each mail policy is also reflected.
•
The URLs most frequently rewritten to redirect message recipients to the Cisco Web Security Proxy
for click-time evaluation of the site if and when the recipient clicks a potentially malicious link in a
message.
for click-time evaluation of the site if and when the recipient clicks a potentially malicious link in a
message.
This list may include URLs that are not malicious, because if any URL in a message is deemed
malicious, then all URLs in the message are rewritten.
malicious, then all URLs in the message are rewritten.