Cisco Cisco Email Security Appliance C650 Guía Del Usuario
28-2
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 28 Using Email Security Monitor
Email Security Monitor Pages
See
for more information on Anti-Spam scanning and
for more information on anti-virus scanning.
The Email Security Monitor feature also captures information on which content filter a particular
message triggers, including the internal user (email recipient) to or from which the message was sent.
message triggers, including the internal user (email recipient) to or from which the message was sent.
The Email Security Monitor feature is available in the GUI only, and provides a view into your email
traffic and the status of your appliance (including quarantines, work queues, and outbreaks). The
appliance identifies when a sender falls outside of the normal traffic profile. Senders that do are
highlighted in the interface, allowing you to take corrective action by assigning that sender to a sender
group or refining the access profile of the sender; or, you can let AsyncOS’s security services continue
to react and respond. Outbound mail has a similar monitoring capability, providing you a view into the
top domains in the mail queue and the status of receiving hosts (see
traffic and the status of your appliance (including quarantines, work queues, and outbreaks). The
appliance identifies when a sender falls outside of the normal traffic profile. Senders that do are
highlighted in the interface, allowing you to take corrective action by assigning that sender to a sender
group or refining the access profile of the sender; or, you can let AsyncOS’s security services continue
to react and respond. Outbound mail has a similar monitoring capability, providing you a view into the
top domains in the mail queue and the status of receiving hosts (see
Note
Information for messages present in the work queue when the appliance is rebooted is not reported by
the Email Security Monitor feature.
the Email Security Monitor feature.
Related Topics
•
Email Security Monitor and Centralized Management
To view aggregated report data, deploy a Cisco Content Security Management appliance.
You cannot aggregate Email Security Monitor reports of clustered appliances. All reports are restricted
to machine level. This means they cannot be run at the group or cluster levels — only on individual
machines.
to machine level. This means they cannot be run at the group or cluster levels — only on individual
machines.
The same is true of the Archived Reports page — each machine in effect has its own archive. Thus, the
“Generate Report” feature runs on the selected machine.
“Generate Report” feature runs on the selected machine.
The Scheduled Reports page is not restricted to machine level; therefore, settings can be shared across
multiple machines. Individual scheduled reports run at machine level just like interactive reports, so if
you configure your scheduled reports at cluster level, every machine in the cluster will send its own
report.
multiple machines. Individual scheduled reports run at machine level just like interactive reports, so if
you configure your scheduled reports at cluster level, every machine in the cluster will send its own
report.
The “Preview This Report” button always runs against the login-host.
Email Security Monitor Pages
The Email Security Monitor feature is comprised of all the pages available on the Monitor menu except
the Quarantines pages.
the Quarantines pages.
You use these pages in the GUI to monitor domains that are connecting to the appliance’s listeners. You
can monitor, sort, analyze, and classify the “mail flow” of your appliance and differentiate between
high-volume senders of legitimate mail and potential “spammers” (senders of high-volume, unsolicited
commercial email) or virus senders. These pages can also help you troubleshoot inbound connections to
the system (including important information such as SBRS score and most recent sender group match
for domains).
can monitor, sort, analyze, and classify the “mail flow” of your appliance and differentiate between
high-volume senders of legitimate mail and potential “spammers” (senders of high-volume, unsolicited
commercial email) or virus senders. These pages can also help you troubleshoot inbound connections to
the system (including important information such as SBRS score and most recent sender group match
for domains).