Cisco Email Security Appliance C650 User Guide
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 10 Outbreak Filters
Outbreak Filters Report
Use the Outbreak Filters report to view the current status and configuration of Outbreak Filters on your
Cisco IronPort appliance as well as information about recent outbreaks and messages quarantined due
to Outbreak Filters. View this information on the Monitor > Outbreak Filters page. For more
information, see the “Email Security Monitor” chapter in the Cisco IronPort AsyncOS for Email Daily
Management Guide.
Outbreak Filters Overview and Rules Listing
The overview and rules listing provide useful information about the current status of the Outbreak Filters
feature. View this information via the Security Services > Outbreak Filters page.
Outbreak Quarantine
Use the outbreak quarantine to monitor how many messages are being flagged by your Outbreak Filters
threat level threshold. Also available is a listing of quarantined messages by rule. View this information
via the Monitor > Local Quarantines > Outbreak link and the Manage Rule by Summary link on the
Monitor > Local Quarantines page. See the “Quarantines” chapter in the Cisco IronPort AsyncOS for
Email Daily Management Guide for more information.
Alerts, SNMP Traps, and Outbreak Filters
The Outbreak Filters feature supports two different types of notifications: regular AsyncOS alerts and
SNMP traps.
SNMP traps are generated when a rule update fails. For more information about SNMP traps in
AsyncOS, see the “Managing and Monitoring via the CLI” chapter in the Cisco IronPort AsyncOS for
Email Daily Management Guide.
AsyncOS has two types of alerts for the Outbreak Filter feature: size and rule.
AsyncOS alerts are generated whenever the Outbreak quarantine’s size goes above 5, 50, 75, and 95% of
the maximum size. The alert generated for the 95% threshold has a severity of CRITICAL, while the
remaining alert thresholds are WARNING. Alerts are generated when the threshold is crossed as the
quarantine size increases. Alerts are not generated when thresholds are crossed as the quarantine size
decreases. For more information about alerts, see
AsyncOS also generates alerts when rules are published, the threshold changes, or when a problem
occurs while updating rules or the CASE engine.
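The size-alert rule described above can be modeled to predict which alerts a series of quarantine size readings would produce. This is an added example, not code from Cisco or AsyncOS. It assumes an empty starting quarantine, one alert per threshold when several are crossed between two readings, and a fresh alert when a threshold is crossed again after the size has dropped below it. The function names and sample readings are constructed for illustration.

```python
# Added example: models the Outbreak quarantine size-alert rule from the guide.
# Thresholds and severities come from the text; everything else is an assumption.

THRESHOLDS = (5, 50, 75, 95)  # percent of the maximum quarantine size


def severity(threshold):
    """95% is CRITICAL; the remaining thresholds are WARNING."""
    return "CRITICAL" if threshold == 95 else "WARNING"


def size_alerts(samples, max_size):
    """Return (sample_index, threshold, severity) for every upward crossing.

    samples  -- successive quarantine sizes, in the same unit as max_size
    max_size -- configured maximum size of the Outbreak quarantine
    """
    if max_size <= 0:
        raise ValueError("max_size must be positive")
    alerts = []
    prev = 0  # assumption: the quarantine starts empty
    for i, size in enumerate(samples):
        if size < 0:
            raise ValueError("quarantine size cannot be negative")
        if size > prev:  # alerts fire only while the size is increasing
            for t in THRESHOLDS:
                # Integer comparison avoids float rounding at exact boundaries:
                # crossed means prev <= t% of max < size ("goes above").
                if prev * 100 <= t * max_size < size * 100:
                    alerts.append((i, t, severity(t)))
        prev = size
    return alerts


# Constructed readings against a maximum size of 1000 units.
SAMPLES = [30, 60, 520, 980, 700, 760, 400, 990]

if __name__ == "__main__":
    for index, threshold, level in size_alerts(SAMPLES, 1000):
        print(f"reading {index}: above {threshold}% -> {level}")
```

Readings 4 and 6 fall back through thresholds and produce nothing, which matches the guide's statement that decreasing size never generates an alert.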
Troubleshooting The Outbreak Filters Feature
This section provides some basic troubleshooting tips for the Outbreak Filters feature.
Use the checkbox on the Manage Quarantine page for the Outbreak quarantine to notify Cisco of
mis-classifications.