Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 9.1 for Email User Guide
 
Chapter 28      Using Email Security Monitor
  Email Security Monitor Pages
The Past Year Outbreak Summary lists global as well as local outbreaks over the past year, allowing you 
to compare local network trends to global trends. The listing of global outbreaks is a superset of all 
outbreaks, both viral and non-viral, whereas local outbreaks are limited to virus outbreaks that have 
affected your appliance. Local outbreak data does not include non-viral threats. Global outbreak data 
represents all outbreaks detected by the Threat Operations Center which exceeded the currently 
configured threshold for the outbreak quarantine. Local outbreak data represents all virus outbreaks 
detected on this appliance which exceeded the currently configured threshold for the outbreak 
quarantine. The Total Local Protection Time is always based on the difference between when each virus 
outbreak was detected by the Threat Operations Center and the release of an anti-virus signature by a 
major vendor. Note that not every global outbreak affects your appliance. A value of “--” indicates that either 
a protection time does not exist or the signature times were not available from the anti-virus vendors 
(some vendors may not report signature times). It does not indicate a protection time of zero; rather, 
it means that the information required to calculate the protection time is not available.
The Quarantined Messages section summarizes Outbreak Filters quarantining, and is a useful gauge of 
how many potential threat messages Outbreak Filters are catching. Quarantined messages are counted at 
time of release. Typically, messages will be quarantined before anti-virus and anti-spam rules are 
available. When released, they will be scanned by the anti-virus and anti-spam software and determined 
to be positive or clean. Because of the dynamic nature of Outbreak tracking, the rule under which a 
message is quarantined (and even the associated outbreak) may change while the message is in the 
quarantine. Counting the messages at the time of release (rather than the time of entry into the 
quarantine) avoids the confusion of having counts that increase and decrease.
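The reasoning above about counting at release can be seen on a small model. This is an added illustration, not code or output from the Cisco guide or from AsyncOS; the event names, message and outbreak IDs, and the functions `count_history` and `ever_decreases` are hypothetical, and the event log is constructed.

```python
from collections import Counter

# Constructed event log (not appliance output): (event, message_id, outbreak_id)
#   enter   - message is quarantined under a rule tied to outbreak_id
#   reclass - the rule/outbreak associated with a quarantined message changes
#   release - message leaves the quarantine
EVENTS = [
    ("enter", "m1", "OB-A"),
    ("enter", "m2", "OB-A"),
    ("reclass", "m1", "OB-B"),
    ("enter", "m3", "OB-B"),
    ("release", "m2", "OB-A"),
    ("reclass", "m3", "OB-A"),
    ("release", "m1", "OB-B"),
    ("release", "m3", "OB-A"),
]

def count_history(events, count_at):
    """Per-outbreak totals after each event.

    count_at="entry":   count on entry, move the count on every reclass.
    count_at="release": count once, under the outbreak held at release.
    """
    current = {}        # message_id -> outbreak currently associated
    totals = Counter()
    history = []
    for kind, msg, outbreak in events:
        if kind == "enter":
            current[msg] = outbreak
            if count_at == "entry":
                totals[outbreak] += 1
        elif kind == "reclass":
            if count_at == "entry":
                totals[current[msg]] -= 1   # a reported count goes down
                totals[outbreak] += 1
            current[msg] = outbreak
        elif kind == "release":
            final = current.pop(msg)
            if count_at == "release":
                totals[final] += 1
        history.append(dict(totals))
    return history

def ever_decreases(history):
    """True if any outbreak's count drops between consecutive snapshots."""
    return any(cur.get(k, 0) < v
               for prev, cur in zip(history, history[1:])
               for k, v in prev.items())
```

Both modes end with the same totals once every message has been released; only the entry-time tally shows a per-outbreak count falling along the way.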
The Threat Details listing displays information about specific outbreaks, including the threat category 
(virus, scam, or phishing), threat name, a description of the threat, and the number of messages 
identified. For virus outbreaks, the Past Year Virus Outbreaks include the Outbreak name and ID, the time 
and date a virus outbreak was first seen globally, the protection time provided by Outbreak Filters, and 
the number of quarantined messages. You can select either global or local outbreaks as well as the 
number of messages to display via the menu on the left. You can sort the listing by clicking on the 
column headers. Click on the number to view a list of all the messages that are included in that number 
using Message Tracking.
The First Seen Globally time is determined by the Threat Operations Center, based on data from 
SenderBase, the world’s largest email and web traffic monitoring network. The Protection Time is based 
on the difference between when each threat was detected by the Threat Operations Center and the release 
of an anti-virus signature by a major vendor.
A value of “--” indicates that either a protection time does not exist or the signature times were not available 
from the anti-virus vendors (some vendors may not report signature times). This does not indicate a 
protection time of zero. Rather, it means that the information required to calculate the protection time is 
not available.
The Hit Messages from Incoming Messages section shows the percentage and number of viral attachments, 
other threats (non-viral), and clean incoming messages. 
The Hit Messages by Threat Level section shows the percentage and number of incoming threat messages 
(viral and non-viral) based on threat levels (Level 1 through 5).
The Messages resided in Outbreak Quarantine section shows the number of threat messages that resided in the 
Outbreak Quarantine, based on the duration.
The Top URL's Rewritten section shows the top 10 URLs that were rewritten, based on the number of 
occurrences. Use the Items Displayed drop-down to view more rewritten URLs. Click on the number to 
view a list of all the messages that contain the selected rewritten URL on the Message Tracking page.
Using the Outbreak Filters page, you can answer questions like: