Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
27-8
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 27 Using Email Security Monitor
Email Security Monitor Pages
Incoming Mail Page
The Incoming Mail page provides a mechanism to report on the real-time information being collected
by the Email Security Monitor feature for all remote hosts connecting to your appliance. This allows you
to gather more information about an IP address, domain, and organization (network owner) sending mail
to you. You can perform a Sender Profile search on IP addresses, domains, or organizations that have
sent mail to you.
by the Email Security Monitor feature for all remote hosts connecting to your appliance. This allows you
to gather more information about an IP address, domain, and organization (network owner) sending mail
to you. You can perform a Sender Profile search on IP addresses, domains, or organizations that have
sent mail to you.
The Incoming Mail page has three views: Domain, IP Address, and Network Owner and provides a
snapshot of the remote hosts connecting to the system in the context of the selected view.
snapshot of the remote hosts connecting to the system in the context of the selected view.
It displays a table (Incoming Mail Details) of the top domains (or IP addresses, or network owners,
depending on the view) that have sent mail to all public listeners configured on the appliance. You can
monitor the flow of all mail into your gateway. You can click on any domain/IP/network owner to drill
down to access details about this sender on a Sender Profile page (this is an Incoming Mail page, specific
to the domain/IP/network owner you clicked on).
depending on the view) that have sent mail to all public listeners configured on the appliance. You can
monitor the flow of all mail into your gateway. You can click on any domain/IP/network owner to drill
down to access details about this sender on a Sender Profile page (this is an Incoming Mail page, specific
to the domain/IP/network owner you clicked on).
Not all available columns are displayed by default. You can show a different set of information by
clicking the Columns link below the table. For example, you can show the "Detected by Advanced
Malware Protection" column, which is hidden by default.
clicking the Columns link below the table. For example, you can show the "Detected by Advanced
Malware Protection" column, which is hidden by default.
The Incoming Mail page extends to include a group of pages (Incoming Mail, Sender Profiles, and the
Sender Group Report). From the Incoming Mail pages, you can:
Sender Group Report). From the Incoming Mail pages, you can:
•
Perform a search on IP addresses, domains, or organizations (network owners) that have sent mail
to you.
to you.
•
View the Sender Groups report to see connections via a specific sender group and mail flow policy
actions. See
actions. See
for more information.
•
See detailed statistics on senders which have sent mail to you, including the number of attempted
messages broken down by security service (sender reputation filtering, anti-spam, anti-virus, etc.).
messages broken down by security service (sender reputation filtering, anti-spam, anti-virus, etc.).
•
Sort by senders who have sent you a high volume of spam or virus email, as determined by anti-spam
or anti-virus security services.
or anti-virus security services.
•
Use the SenderBase Reputation service to drill down on and examine the relationship between
specific IP addresses, domains, and organizations to obtain more information about a sender.
specific IP addresses, domains, and organizations to obtain more information about a sender.
•
Drill down on specific senders to obtain more information about a sender from the SenderBase
Reputation Service, including a sender’s SenderBase Reputation Score and which sender group the
domain matched most recently. Add senders to sender groups.
Reputation Service, including a sender’s SenderBase Reputation Score and which sender group the
domain matched most recently. Add senders to sender groups.
•
Drill down on a specific sender who sent a high volume of spam or virus email, as determined by
the anti-spam or anti-virus security services.
the anti-spam or anti-virus security services.
•
Once you have gathered information on a domain, you can add the IP address, domain, or
organization to an existing sender group (if necessary) by clicking “Add to Sender Group” from a
domain, IP address, or network owner profile page. See
organization to an existing sender group (if necessary) by clicking “Add to Sender Group” from a
domain, IP address, or network owner profile page. See
Incoming Mail
The Incoming Mail page provides access to real-time activity of all public listeners configured on your
system and is comprised of two main sections: the mail trend graphs summarizing the top domains
received (by total threat messages and by total clean messages) and the Incoming Mail Details listing.
system and is comprised of two main sections: the mail trend graphs summarizing the top domains
received (by total threat messages and by total clean messages) and the Incoming Mail Details listing.
See
for an explanation of the data included in the Incoming
Mail Details listing.