Cisco Email Security Appliance C650 User Guide
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 17 File Reputation Filtering and File Analysis
File Reputation and File Analysis Reporting and Tracking
Viewing File Reputation Filtering Data in Other Reports
Data for file reputation and analysis is available in other reports where relevant. A "Detected by
Advanced Malware Protection" column may be hidden by default in applicable reports. To display
additional columns, click the Columns link below the table.
Report: Advanced Malware Protection File Analysis
Description:
Displays the time and verdict (or interim verdict) for each file sent for analysis.
Files that are whitelisted on the Cisco AMP Threat Grid appliance show as “clean.” For information about whitelisting, see the AMP Threat Grid online help.
To view more than 1000 File Analysis results, export the data as a .csv file.
Drill down to view detailed analysis results, including the threat characteristics for each file.
You can also view additional details about an SHA directly on the AMP Threat Grid appliance or cloud server that performed the analysis by searching for the SHA or by clicking the Cisco AMP Threat Grid link at the bottom of the file analysis details page.
Notes:
• If extracted files from a compressed or an archive file are sent for file analysis, only SHA values of these extracted files are included in the File Analysis report.
• From AsyncOS 9.9.5 onwards, File Analysis report has been enhanced to display additional fields, graphs, and so on. The report displayed after the upgrade does not include the reporting data prior to the upgrade. To view the File Analysis report prior to the upgrade, click on the hyperlink at the top of the page.

Report: Advanced Malware Protection Verdict Updates
Description:
Lists the files processed by this appliance for which the verdict has changed since the message was received. For information about this situation, see
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report shows only the latest verdict, not the verdict history.
To view all affected messages for a particular SHA-256 within the maximum available time range (regardless of the time range selected for the report) click a SHA-256 link.
Note
From AsyncOS 9.9.5 onwards, Advanced Malware Protection Verdict Updates report has been enhanced to display additional fields, graphs, and so on. The report displayed after the upgrade does not include the reporting data prior to the upgrade. To view the Advanced Malware Protection Verdict Updates report prior to the upgrade, click on the hyperlink at the top of the page.
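Because the Verdict Updates report shows only the latest verdict for each SHA-256, keeping a verdict history means retaining successive .csv exports and merging them. The sketch below is an added example, not Cisco code: the column names `sha256`, `verdict` and `verdict_time`, the verdict strings other than "clean", and the sample rows are assumptions constructed for illustration, so map them to the headers of your actual export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

SHA_A, SHA_B = "a" * 64, "b" * 64  # constructed placeholder digests

# Constructed exports taken on two different days (assumed column names).
EXPORT_MONDAY = f"""sha256,verdict,verdict_time
{SHA_A},clean,2024-01-01T09:00:00
{SHA_B},malicious,2024-01-01T10:00:00
"""
EXPORT_WEDNESDAY = f"""sha256,verdict,verdict_time
{SHA_A},malicious,2024-01-03T12:00:00
{SHA_B},malicious,2024-01-01T10:00:00
"""

def load_export(text):
    """Parse one CSV export into (sha256, time, verdict) tuples."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        when = datetime.fromisoformat(row["verdict_time"].strip())
        rows.append((row["sha256"].strip().lower(), when,
                     row["verdict"].strip().lower()))
    return rows

def build_history(exports):
    """Merge exports into a per-SHA timeline of verdict changes."""
    seen = defaultdict(set)  # the set drops rows repeated across exports
    for text in exports:
        for sha, when, verdict in load_export(text):
            seen[sha].add((when, verdict))
    history = {}
    for sha, events in seen.items():
        timeline = []
        for when, verdict in sorted(events):
            # Record an entry only when the verdict actually changes.
            if not timeline or timeline[-1][1] != verdict:
                timeline.append((when, verdict))
        history[sha] = timeline
    return history

def retrospective_malicious(history):
    """SHAs that ended as malicious after an earlier different verdict."""
    return sorted(sha for sha, t in history.items()
                  if len(t) > 1 and t[-1][1] == "malicious")

if __name__ == "__main__":
    hist = build_history([EXPORT_MONDAY, EXPORT_WEDNESDAY])
    for sha in retrospective_malicious(hist):
        print(sha, [(w.isoformat(), v) for w, v in hist[sha]])
```

Files returned by `retrospective_malicious` are the ones whose SHA-256 link in the report is worth following to list every affected message.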