Cisco Cisco Email Security Appliance C650 Guía Del Usuario
28-23
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 28 Using Email Security Monitor
Email Security Monitor Pages
Note that, if the verdict of a URL (clean or malicious) was unknown at the time when the end
user clicked it, the status is shown as unknown. This could be because the URL was under
further scrutiny or the web server was down or not reachable at the time of the user click.
user clicked it, the status is shown as unknown. This could be because the URL was under
further scrutiny or the web server was down or not reachable at the time of the user click.
–
The number of times end users clicked on a rewritten URL. Click on a number to view a list of
all the messages that contain the clicked URL.
all the messages that contain the clicked URL.
•
While using Web Interaction Tracking reports, keep in mind the following limitations:
–
If you have configured a content or message filter to deliver messages after rewriting malicious
URLs and notify another user (for example, an administrator), the web interaction tracking data
of the original recipient is incremented even if the notified user clicks on the rewritten URLs.
URLs and notify another user (for example, an administrator), the web interaction tracking data
of the original recipient is incremented even if the notified user clicks on the rewritten URLs.
–
If you are sending a copy of quarantined messages containing rewritten URLs to a user (for
example, an administrator) using web interface, the web interaction tracking data of the original
recipient is incremented even if the user (to whom the copy of the messages were sent) clicks
on the rewritten URLs.
example, an administrator) using web interface, the web interaction tracking data of the original
recipient is incremented even if the user (to whom the copy of the messages were sent) clicks
on the rewritten URLs.
–
At any point, if you plan to modify the time of your appliance, make sure that the system time
is synchronized with Coordinated Universal Time (UTC).
is synchronized with Coordinated Universal Time (UTC).
File Reputation and File Analysis Reports
For the following reports, see
File Reputation and File Analysis Reporting and Tracking, page 17-14
:
•
Advanced Malware Protection
•
File Analysis
•
AMP Verdict Updates
TLS Connections Page
The TLS Connections pages shows the overall usage of TLS connections for sent and received mail. The
report also shows details for each domain sending mail using TLS connections.
report also shows details for each domain sending mail using TLS connections.
The TLS Connections page can be used to determine the following information:
•
Overall, what portion of incoming and outgoing connections use TLS?
•
What partners do I have successful TLS connections with?
•
What partners do I have unsuccessful TLS connections with?
•
What partners have issue with their TLS certificates?
•
What percent of overall mail with a partner uses TLS?
The TLS Connections page is divided into a section for incoming connections and a section for outgoing
connections. Each section includes a graph, summaries, and a table with details.
connections. Each section includes a graph, summaries, and a table with details.
The graph displays a view of incoming or outgoing TLS-encrypted and non-encrypted connections over
the time range you specify. The graph displays the total volume of messages, the volume of encrypted
and unencrypted messages, and the volume of successful and failed TLS encrypted messages. The
graphs distinguish between connections in which TLS was required and connections in which TLS was
merely preferred.
the time range you specify. The graph displays the total volume of messages, the volume of encrypted
and unencrypted messages, and the volume of successful and failed TLS encrypted messages. The
graphs distinguish between connections in which TLS was required and connections in which TLS was
merely preferred.
The table displays details for domains sending or receiving encrypted messages. For each domain, you
can view the number of required and preferred TLS connections that were successful and that failed, the
total number of TLS connections attempted (whether successful or failed), and the total number of
can view the number of required and preferred TLS connections that were successful and that failed, the
total number of TLS connections attempted (whether successful or failed), and the total number of