Cisco Cisco Content Security Management Appliance M390 Guía Del Usuario
4-23
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
Searching for a Specific Internal User
With the search form at the bottom of the Internal Users page and the Internal User detail page, you can
search for a specific internal user (email address). Select whether to exactly match the search text or look
for items starting with the entered text (for example, starts with “ex” will match
“example@example.com”).
search for a specific internal user (email address). Select whether to exactly match the search text or look
for items starting with the entered text (for example, starts with “ex” will match
“example@example.com”).
DLP Incidents
The Email > Reporting > DLP Incidents (DLP Incident Summary) page shows information on the
incidents of data loss prevention (DLP) policy violations occurring in outgoing mail. The Email Security
appliance uses the DLP email policies enabled in the Outgoing Mail Policies table to detect sensitive
data sent by your users. Every occurrence of an outgoing message violating a DLP policy is reported as
an incident.
incidents of data loss prevention (DLP) policy violations occurring in outgoing mail. The Email Security
appliance uses the DLP email policies enabled in the Outgoing Mail Policies table to detect sensitive
data sent by your users. Every occurrence of an outgoing message violating a DLP policy is reported as
an incident.
Using the DLP Incident Summary report, you can answer these kinds of questions:
•
What type of sensitive data is being sent by your users?
•
How severe are these DLP incidents?
•
How many of these messages are being delivered?
•
How many of these messages are being dropped?
•
Who is sending these messages?
The DLP Incident Summary page contains two main sections:
•
the DLP incident trend graphs summarizing the top DLP incidents by severity (Low, Medium, High,
Critical) and policy matches,
Critical) and policy matches,
•
the DLP Incident Details listing
Table 4-8
Details on the Email > Reporting > DLP Incident Summary Page
Section
Description
Time Range (drop-down list)
A drop-down list that can range from a day to 90 days or a
custom range. For more information on time ranges and
customizing this for your needs, see the
custom range. For more information on time ranges and
customizing this for your needs, see the
.
Top Incidents by Severity
The top DLP incidents listed by severity.
Incident Summary
The DLP policies currently enabled for each email appliance’s
outgoing mail policies are listed in the DLP Incident Details
interactive table at the bottom of the DLP Incident Summary
page. Click the name of a DLP policy to view more detailed
information.
outgoing mail policies are listed in the DLP Incident Details
interactive table at the bottom of the DLP Incident Summary
page. Click the name of a DLP policy to view more detailed
information.