Cisco Cisco Content Security Management Appliance M160 Guía Del Usuario
5-45
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Top Malware Sites
This section displays, in graph format, the top malware domains
detected by the L4 Traffic Monitor.
detected by the L4 Traffic Monitor.
Click the Chart Options link below the chart to change the display
from total Malware Connections Detected to Malware
Connections Monitored or Malware Connections Blocked.
from total Malware Connections Detected to Malware
Connections Monitored or Malware Connections Blocked.
Client Source IPs
This table displays the IP addresses of computers in your
organization that frequently connect to malware sites.
organization that frequently connect to malware sites.
To include only data for a particular port, enter a port number into
the box at the bottom of the table and click Filter by Port. You can
use this feature to help determine which ports are used by
malware that “calls home” to malware sites.
the box at the bottom of the table and click Filter by Port. You can
use this feature to help determine which ports are used by
malware that “calls home” to malware sites.
To view details such as the port and destination domain of each
connection, click an entry in the table. For example, if one
particular client IP address has a high number of Malware
Connections Blocked, click the number in that column to view a
list of each blocked connection. The list is displayed as search
results in the L4 Traffic Monitor tab on the Web > Reporting >
Web Tracking page. For more information about this list, see
connection, click an entry in the table. For example, if one
particular client IP address has a high number of Malware
Connections Blocked, click the number in that column to view a
list of each blocked connection. The list is displayed as search
results in the L4 Traffic Monitor tab on the Web > Reporting >
Web Tracking page. For more information about this list, see
.
This table is the same as the “L4 Traffic Monitor - Clients by
Malware Risk” table on the
Malware Risk” table on the
.
Malware Ports
This table displays the ports on which the L4 Traffic Monitor has
most frequently detected malware.
most frequently detected malware.
To view details, click an entry in the table. For example, click the
number of Total Malware Connections Detected to view details of
each connection on that port. The list is displayed as search
results in the L4 Traffic Monitor tab on the Web > Reporting >
Web Tracking page. For more information about this list, see
number of Total Malware Connections Detected to view details of
each connection on that port. The list is displayed as search
results in the L4 Traffic Monitor tab on the Web > Reporting >
Web Tracking page. For more information about this list, see
.
Malware Sites Detected
This table displays the domains on which the L4 Traffic Monitor
most frequently detects malware.
most frequently detects malware.
To include only data for a particular port, enter a port number into
the box at the bottom of the table and click Filter by Port. You can
use this feature to help determine whether to block a site or a port.
the box at the bottom of the table and click Filter by Port. You can
use this feature to help determine whether to block a site or a port.
To view details, click an entry in the table. For example, click the
number of Malware Connections Blocked to view the list of each
blocked connection for a particular site. The list is displayed as
search results in the L4 Traffic Monitor tab on the Web >
Reporting > Web Tracking page. For more information about this
list, see
number of Malware Connections Blocked to view the list of each
blocked connection for a particular site. The list is displayed as
search results in the L4 Traffic Monitor tab on the Web >
Reporting > Web Tracking page. For more information about this
list, see
.
Table 5-13
L4 Traffic Monitor Report Page Components (continued)
Section
Description