Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
5-44
AsyncOS 8.3.5 for Cisco Content Security Management User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Troubleshooting Web Reporting and Tracking
"Block - AMP" in search results means the transaction was blocked because of the file's reputation
verdict.
verdict.
In Tracking details, the "AMP Threat Score" is the best-effort score that the cloud reputation service
provides when it cannot determine a clear verdict for the file. In this situation, the score is between
1 and 100. (Ignore the AMP Threat Score if an AMP Verdict is returned or if the score is zero.) The
appliance compares this score to the threshold score (configured on the Security Services >
Anti-Malware and Reputation page) to determine what action to take. By default, files with scores
between 60 and 100 are considered malicious. Cisco does not recommend changing the default
threshold score. The WBRS score is the reputation of the site from which the file was downloaded;
this score is not related to the file reputation.
provides when it cannot determine a clear verdict for the file. In this situation, the score is between
1 and 100. (Ignore the AMP Threat Score if an AMP Verdict is returned or if the score is zero.) The
appliance compares this score to the threshold score (configured on the Security Services >
Anti-Malware and Reputation page) to determine what action to take. By default, files with scores
between 60 and 100 are considered malicious. Cisco does not recommend changing the default
threshold score. The WBRS score is the reputation of the site from which the file was downloaded;
this score is not related to the file reputation.
•
Verdict updates are available only in the AMP Verdict Updates report. The original transaction
details in Web Tracking are not updated with verdict changes. To see transactions involving a
particular file, click a SHA-256 in the verdict updates report.
details in Web Tracking are not updated with verdict changes. To see transactions involving a
particular file, click a SHA-256 in the verdict updates report.
•
Information about File Analysis, including analysis results and whether or not a file was sent for
analysis, are available only in the File Analysis report.
analysis, are available only in the File Analysis report.
Additional information about an analyzed file may be available from the cloud. To view any
available File Analysis information for a file, select Reporting > File Analysis and enter the
SHA-256 to search for the file, or click the SHA-256 link in Web Tracking details. If the File
Analysis service has analyzed the file from any source, you can see the details. Results are displayed
only for files that have been analyzed.
available File Analysis information for a file, select Reporting > File Analysis and enter the
SHA-256 to search for the file, or click the SHA-256 link in Web Tracking details. If the File
Analysis service has analyzed the file from any source, you can see the details. Results are displayed
only for files that have been analyzed.
If the appliance processed a subsequent instance of a file that was sent for analysis, those instances
will appear in Web Tracking search results.
will appear in Web Tracking search results.
Related Topics
•
About Web Tracking and Upgrades
New web tracking features may not apply to transactions that occurred before upgrade, because the
required data may not have been retained for those transactions. For possible limitations related to web
tracking data and upgrades, see the Release Notes for your release.
required data may not have been retained for those transactions. For possible limitations related to web
tracking data and upgrades, see the Release Notes for your release.
Troubleshooting Web Reporting and Tracking
•
•
•
•
•
•
See also
.