Cisco Cisco Content Security Management Appliance M1070 Guía Del Usuario
4-43
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
About Scheduled and On-Demand Email Reports
Domain-Based Executive Summary Reports and Messages Blocked by Sender Reputation Filtering
Because messages blocked by sender reputation filtering do not enter the work queue, AsyncOS does
not process these messages to determine the domain destination. An algorithm estimates the number of
rejected messages per domain. To determine the exact number of blocked messages per domain, you can
delay HAT rejections on the Security Management appliance until the messages reach the recipient level
(RCPT TO). This allows AsyncOS to collect recipient data from the incoming messages. You can delay
rejections using listenerconfig -> setup command on the Email Security appliance. However, this option
can impact system performance. For more information about delayed HAT rejections, see the
documentation for your Email Security appliance.
not process these messages to determine the domain destination. An algorithm estimates the number of
rejected messages per domain. To determine the exact number of blocked messages per domain, you can
delay HAT rejections on the Security Management appliance until the messages reach the recipient level
(RCPT TO). This allows AsyncOS to collect recipient data from the incoming messages. You can delay
rejections using listenerconfig -> setup command on the Email Security appliance. However, this option
can impact system performance. For more information about delayed HAT rejections, see the
documentation for your Email Security appliance.
Note
To see Stopped by Reputation Filtering results in your Domain-Based Executive Summary report on the
Security Management appliance, you must have hat_reject_info enabled on both the Email Security
appliance and the Security Management appliance.
Security Management appliance, you must have hat_reject_info enabled on both the Email Security
appliance and the Security Management appliance.
To enable the hat_reject_info on the Security Management appliance, run the reportingconfig >
domain > hat_reject_info command.
domain > hat_reject_info command.
Managing Lists of Domains and Recipients for Domain-Based Executive Summary Reports
You can use a configuration file to manage the domains and recipients for a Domain-Based Executive
Summary report. The configuration file is a text file that is stored in the configuration directory of the
appliance. Each line in the file produces a separate report. This allows you to include a large number of
domains and recipients in a single report, as well as define multiple domain reports in a single
configuration file.
Summary report. The configuration file is a text file that is stored in the configuration directory of the
appliance. Each line in the file produces a separate report. This allows you to include a large number of
domains and recipients in a single report, as well as define multiple domain reports in a single
configuration file.
Each line of the configuration file includes a space-separated list of domain names and a space-separated
list of email addresses for the report recipients. A comma separates the list of domain names from the
list of email addresses. You can include subdomains by appending the subdomain name and a period at
the beginning of the parent domain name, such as subdomain.example.com.
list of email addresses for the report recipients. A comma separates the list of domain names from the
list of email addresses. You can include subdomains by appending the subdomain name and a period at
the beginning of the parent domain name, such as subdomain.example.com.
The following is a Single Report configuration file that generates three reports.
yourdomain.com sampledomain.com, admin@yourdomain.com
sampledomain.com, admin@yourdomain.com user@sampledomain.com
subdomain.example.com mail.example.com, user@example.com
Note
You can use a configuration file and the settings defined for a single named report to generate multiple
reports at the same time. For example, a company named Bigfish purchases two other companies,
Redfish and Bluefish, and continues to maintain their domains. Bigfish creates a single Domain-Based
Executive Summary report using a configuration file containing three lines corresponding to separate
domain reports. When the appliance generates a Domain-Based Executive Summary report, an
administrator for Bigfish receives a report on the Bigfish.com, Redfish.com, and Bluefish.com domains,
while a Redfish administrator receives a report on the Redfish.com domain and a Bluefish administrator
receives a report on the Bluefish.com domain.
reports at the same time. For example, a company named Bigfish purchases two other companies,
Redfish and Bluefish, and continues to maintain their domains. Bigfish creates a single Domain-Based
Executive Summary report using a configuration file containing three lines corresponding to separate
domain reports. When the appliance generates a Domain-Based Executive Summary report, an
administrator for Bigfish receives a report on the Bigfish.com, Redfish.com, and Bluefish.com domains,
while a Redfish administrator receives a report on the Redfish.com domain and a Bluefish administrator
receives a report on the Bluefish.com domain.
You can upload a different configuration file to the appliance for each named report. You can also use
the same configuration file for multiple reports. For example, you might create separate named reports
that provide data about the same domains over different time periods. If you update a configuration file
on your appliance, you do not have to update the report settings in the GUI unless you change the
filename.
the same configuration file for multiple reports. For example, you might create separate named reports
that provide data about the same domains over different time periods. If you update a configuration file
on your appliance, you do not have to update the report settings in the GUI unless you change the
filename.