Cisco Cisco Email Security Appliance C160 Guía Del Usuario
28-18
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 28 Using Email Security Monitor
Email Security Monitor Pages
Using the DLP Incidents report, you can answer these kinds of questions:
•
What type of sensitive data is being sent by your users?
•
How severe are these DLP incidents?
•
How many of these messages are being delivered?
•
How many of these messages are being dropped?
•
Who is sending these messages?
The DLP Incidents page is comprised of two main sections:
•
the DLP incident trend graphs summarizing the top DLP incidents by severity (Low, Medium, High,
Critical) and policy matches, and
Critical) and policy matches, and
•
the DLP Incidents Details listing.
You can select a time range on which to report, such as an hour, a week, or a custom range. As with all
reports, you can export the data for the graphs or the details listing to CSV format via the Export link
or PDF format by clicking the Printable (PDF) link. For information about generating PDFs in
languages other than English, see the
reports, you can export the data for the graphs or the details listing to CSV format via the Export link
or PDF format by clicking the Printable (PDF) link. For information about generating PDFs in
languages other than English, see the
Click on the name of a DLP policy to view detailed information on the DLP incidents detected by the
policy. You can use this method to get a list of users who sent mail that contained sensitive data detected
by the policy.
policy. You can use this method to get a list of users who sent mail that contained sensitive data detected
by the policy.
Related Topics
•
•
DLP Incidents Details
The DLP policies currently enabled in the appliance’s outgoing mail policies are listed in the DLP
Incidents Details table at the bottom of the DLP Incidents page. Click on the name of a DLP policy to
view more detailed information.
Incidents Details table at the bottom of the DLP Incidents page. Click on the name of a DLP policy to
view more detailed information.
The DLP Incidents Details table shows the total number of DLP incidents per policy, with a breakdown
by severity level, and the number of messages delivered in the clear, delivered encrypted, or dropped.
Click on the column headings to sort the data.
by severity level, and the number of messages delivered in the clear, delivered encrypted, or dropped.
Click on the column headings to sort the data.
DLP Policy Detail Page
If you clicked the name of a DLP policy in the DLP Incidents Details table, the resulting DLP Policy
Detail page displays the DLP incidents data for the policy. The page displays graphs on the DLP
incidents based on severity.
Detail page displays the DLP incidents data for the policy. The page displays graphs on the DLP
incidents based on severity.
The page also includes an Incidents by Sender listing at the bottom of the page that lists each internal
user who has sent a message that violated the DLP policy. The listing also shows the total number of
DLP incidents for this policy per user, with a breakdown by severity level, and whether any of the
messages were delivered in the clear, delivered encrypted, or dropped. You can use the Incidents by
Sender listing to find out which users may be sending your organization’s sensitive data to people outside
your network.
user who has sent a message that violated the DLP policy. The listing also shows the total number of
DLP incidents for this policy per user, with a breakdown by severity level, and whether any of the
messages were delivered in the clear, delivered encrypted, or dropped. You can use the Incidents by
Sender listing to find out which users may be sending your organization’s sensitive data to people outside
your network.
Clicking on the sender name opens up the Internal Users page. See
more information.