Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
5-24
AsyncOS 8.3.7 for Cisco Content Security Management User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
describes the information on the Client Malware Risk page.
Tip
To customize your view of this report, see
.
Web Reputation Filters Report
The Web > Reporting > Web Reputation Filters is a security-related reporting page that allows you to
view the results of your set Web Reputation filters for transactions during a specified time range.
view the results of your set Web Reputation filters for transactions during a specified time range.
What are Web Reputation Filters?
Web Reputation Filters analyze web server behavior and assign a reputation score to a URL to determine
the likelihood that it contains URL-based malware. It helps protect against URL-based malware that
threatens end-user privacy and sensitive corporate information. The Web Security appliance uses URL
reputation scores to identify suspicious activity and stop malware attacks before they occur. You can use
Web Reputation Filters with both Access and Decryption Policies.
the likelihood that it contains URL-based malware. It helps protect against URL-based malware that
threatens end-user privacy and sensitive corporate information. The Web Security appliance uses URL
reputation scores to identify suspicious activity and stop malware attacks before they occur. You can use
Web Reputation Filters with both Access and Decryption Policies.
Table 5-9
Client Malware Risk Report Page Components
Section
Description
Time Range (drop-down list)
A menu that allows you to choose the time range of the data
contained in the report. For more information, see
contained in the report. For more information, see
Web Proxy: Top Clients Monitored or
Blocked
Blocked
This chart displays the top ten users that have encountered a
malware risk.
malware risk.
L4 Traffic Monitor: Malware
Connections Detected
Connections Detected
This chart displays the IP addresses of the ten computers in your
organization that most frequently connect to malware sites.
organization that most frequently connect to malware sites.
This chart is the same as the “Top Client IPs” chart on the
information and chart options.
Web Proxy: Client Malware Risk
The Web Proxy: Client Malware Risk table shows detailed
information about particular clients that are displayed in the Web
Proxy: Top Clients by Malware Risk section.
information about particular clients that are displayed in the Web
Proxy: Top Clients by Malware Risk section.
You can click each user in this table to view the User Details page
associated with that client. For information about that page, see
the
associated with that client. For information about that page, see
the
.
Clicking on any of the links in the table allows you to view more
granular details about individual users and what activity they are
performing that is triggering the malware risk. For example,
clicking on the link in the “User ID / Client IP Address” column
takes you to a User page for that user.
granular details about individual users and what activity they are
performing that is triggering the malware risk. For example,
clicking on the link in the “User ID / Client IP Address” column
takes you to a User page for that user.
L4 Traffic Monitor: Clients by Malware
Risk
Risk
This table displays IP addresses of computers in your
organization that frequently connect to malware sites.
organization that frequently connect to malware sites.
This table is the same as the “Client Source IPs” table on the
. For information about
working with this table, see that section.