Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
4-24
AsyncOS 9.5.x for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
were delivered in the clear, delivered encrypted, or dropped. You can use the Incidents by Sender table
to find out which users may be sending your organization’s sensitive data to people outside your
network.
to find out which users may be sending your organization’s sensitive data to people outside your
network.
Clicking the sender name on the incident detail page opens up the Internal Users page. See the
for more information.
Message Filters
The Message Filters page shows information about the top message filter matches (which message filters
had the largest number of matching messages) for incoming and outgoing messages.
had the largest number of matching messages) for incoming and outgoing messages.
High Volume Mail
Use reports on this page to:
•
Identify attacks involving a large number of messages from a single sender, or with identical
subjects, within a moving one-hour period.
subjects, within a moving one-hour period.
•
Monitor top domains to ensure that such attacks do not originate in your own domain. If this
situation occurs, one or more accounts in your organization may be compromised.
situation occurs, one or more accounts in your organization may be compromised.
•
Help identify false positives so you can adjust your filters accordingly.
Reports on this page show data only from message filters that use the Header Repeats rule and that pass
the number-of-messages threshold that you set in that rule. When combined with other rules, the Header
Repeats rule is evaluated last, and is not evaluated at all if the message disposition is determined by a
preceding condition. Similarly, messages caught by Rate Limiting never reach Header Repeats message
filters. Therefore, some messages that might otherwise be considered high-volume mail may not be
included in these reports. If you have configured your filters to whitelist certain messages, those
messages are also excluded from these reports.
the number-of-messages threshold that you set in that rule. When combined with other rules, the Header
Repeats rule is evaluated last, and is not evaluated at all if the message disposition is determined by a
preceding condition. Similarly, messages caught by Rate Limiting never reach Header Repeats message
filters. Therefore, some messages that might otherwise be considered high-volume mail may not be
included in these reports. If you have configured your filters to whitelist certain messages, those
messages are also excluded from these reports.
For more information about message filters and the Header Repeats rule, see the online help or user
guide for your Email Security appliance.
guide for your Email Security appliance.
Related Topics
•
Content Filters Page
The Email > Reporting > Content Filters page shows information about the top incoming and outgoing
content filter matches (which content filter had the most matching messages). The page displays the data
as both bar charts and listings. Using the Content Filters page, you can review your corporate policies
on a per-content-filter or per-user basis and answer the following types of questions:
content filter matches (which content filter had the most matching messages). The page displays the data
as both bar charts and listings. Using the Content Filters page, you can review your corporate policies
on a per-content-filter or per-user basis and answer the following types of questions:
•
Which content filter is triggered the most by incoming or outgoing mail?
•
Who are the top users sending or receiving mail that triggers a particular content filter?
To view more information about a specific filter, click the name of the filter. The Content Filter Details
page appears. For more information on Content Filter details page, see the
page appears. For more information on Content Filter details page, see the
If your access privileges allow you to view Message Tracking data: To view Message Tracking details
for the messages that populate this report, click a blue number link in the table.
for the messages that populate this report, click a blue number link in the table.