Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
4-25
AsyncOS 9.1 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
High Volume Mail
Use reports on this page to:
•
Identify attacks involving a large number of messages from a single sender, or with identical
subjects, within a moving one-hour period.
subjects, within a moving one-hour period.
•
Monitor top domains to ensure that such attacks do not originate in your own domain. If this
situation occurs, one or more accounts in your organization may be compromised.
situation occurs, one or more accounts in your organization may be compromised.
•
Help identify false positives so you can adjust your filters accordingly.
Reports on this page show data only from message filters that use the Header Repeats rule and that pass
the number-of-messages threshold that you set in that rule. When combined with other rules, the Header
Repeats rule is evaluated last, and is not evaluated at all if the message disposition is determined by a
preceding condition. Similarly, messages caught by Rate Limiting never reach Header Repeats message
filters. Therefore, some messages that might otherwise be considered high-volume mail may not be
included in these reports. If you have configured your filters to whitelist certain messages, those
messages are also excluded from these reports.
the number-of-messages threshold that you set in that rule. When combined with other rules, the Header
Repeats rule is evaluated last, and is not evaluated at all if the message disposition is determined by a
preceding condition. Similarly, messages caught by Rate Limiting never reach Header Repeats message
filters. Therefore, some messages that might otherwise be considered high-volume mail may not be
included in these reports. If you have configured your filters to whitelist certain messages, those
messages are also excluded from these reports.
For more information about message filters and the Header Repeats rule, see the online help or user
guide for your Email Security appliance.
guide for your Email Security appliance.
Related Topics
•
Content Filters Page
The Email > Reporting > Content Filters page shows information about the top incoming and outgoing
content filter matches (which content filter had the most matching messages). The page displays the data
as both bar charts and listings. Using the Content Filters page, you can review your corporate policies
on a per-content-filter or per-user basis and answer the following types of questions:
content filter matches (which content filter had the most matching messages). The page displays the data
as both bar charts and listings. Using the Content Filters page, you can review your corporate policies
on a per-content-filter or per-user basis and answer the following types of questions:
•
Which content filter is triggered the most by incoming or outgoing mail?
•
Who are the top users sending or receiving mail that triggers a particular content filter?
To view more information about a specific filter, click the name of the filter. The Content Filter Details
page appears. For more information on Content Filter details page, see the
page appears. For more information on Content Filter details page, see the
If your access privileges allow you to view Message Tracking data: To view Message Tracking details
for the messages that populate this report, click a blue number link in the table.
for the messages that populate this report, click a blue number link in the table.
From the Content Filters page you can also generate a PDF or export raw data to a CSV file. For
information on printing or exporting a file, see the
information on printing or exporting a file, see the
.
Note
You can generate a scheduled report for the Content Filter page. See the
Content Filter Details Page
The Content Filter Detail page displays matches for the filter over time, as well as matches by internal
user.
user.