Cisco Email Security Appliance X1050 User Guide
Cisco AsyncOS 9.5 for Email User Guide
Chapter 17 File Reputation Filtering and File Analysis
File Reputation and File Analysis Reporting and Tracking
In most reports, files are listed by their SHA-256 value (in an abbreviated format).
File Reputation and File Analysis Report Pages
Report Description
Advanced Malware Protection
Shows file-based threats that were identified by the file reputation service.
For files with changed verdicts, see the AMP Verdict updates report. Those
verdicts are not reflected in the Advanced Malware Protection report.
Note
If one of the extracted files from a compressed or an archive file is
malicious, only the SHA value of the compressed or archive file is
included in the Advanced Malware Protection report.
File Analysis
Displays the time and verdict (or interim verdict) for each file sent for
analysis.
Files that are whitelisted on the Cisco AMP Threat Grid appliance show as
"clean." For information about whitelisting, see the AMP Threat Grid online
help.
To view more than 1000 File Analysis results, export the data as a .csv file.
Drill down to view detailed analysis results, including the threat
characteristics for each file.
You can also view additional details about an SHA directly on the AMP
Threat Grid appliance or server that performed the analysis by searching for
the SHA or by clicking the Cisco AMP Threat Grid link at the bottom of the
file analysis details page. Available details may differ depending on whether
you click the link from the appliance that sent the file for analysis or from
another appliance.
Note
If extracted files from a compressed or an archive file are sent for file
analysis, only the SHA values of these extracted files are included in the
File Analysis report.
AMP Verdict Updates
Lists the files processed by this appliance for which the verdict has changed
since the message was received. For information about this situation, see
.
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report
shows only the latest verdict, not the verdict history.
To view all affected messages for a particular SHA-256 within the maximum
available time range (regardless of the time range selected for the report),
click a SHA-256 link.
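
The two notes above mean the same attachment can appear under different hashes: the Advanced Malware Protection report lists the archive's SHA, while the File Analysis report lists the SHAs of its extracted files. The following is an added example, not part of the Cisco guide or product, showing one way an analyst could tie a hash from either report back to the same archive. It assumes a ZIP attachment, a retained copy of the file, and the full (not abbreviated) SHA-256 value; all function names and the size cap are hypothetical.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap on declared member size


def build_sample_archive() -> bytes:
    """Constructed sample input: a ZIP holding two harmless text members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice.txt", b"constructed sample member 1\n")
        zf.writestr("docs/readme.txt", b"constructed sample member 2\n")
    return buf.getvalue()


def hash_index(archive: bytes) -> dict:
    """Map each SHA-256 tied to the attachment to (archive SHA-256, member name)."""
    container = hashlib.sha256(archive).hexdigest()
    index = {container: (container, None)}  # entry for the archive itself
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            # Skip directories, encrypted members and members declared oversized.
            if info.is_dir() or info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                continue
            digest = hashlib.sha256()
            with zf.open(info) as member:
                for chunk in iter(lambda: member.read(65536), b""):
                    digest.update(chunk)
            index[digest.hexdigest()] = (container, info.filename)
    return index


def correlate(index: dict, report_sha256: str):
    """Return (archive SHA-256, member name or None) for a SHA-256 copied from a report."""
    return index.get(report_sha256.strip().lower())


if __name__ == "__main__":
    sample = build_sample_archive()
    for sha, (archive_sha, member) in hash_index(sample).items():
        print(sha, "->", archive_sha, member or "(archive itself)")
```

A lookup that returns a member name indicates the hash came from an extracted file, so the matching Advanced Malware Protection entry, if any, is under the returned archive SHA-256.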