Cisco Content Security Management Appliance M1070 User Guide

AsyncOS 9.0 for Cisco Content Security Management Appliances User Guide
 
Chapter 4      Using Centralized Email Security Reporting
  Understanding the Email Reporting Pages
The Top Offenders by Rejected Recipients chart shows the envelope senders who sent messages to the 
largest number of recipients above the configured limit. This chart aggregates recipient counts from all 
listeners. 
Rate Limiting settings, including “Rate Limit for Envelope Senders” settings, are configured on the 
Email Security appliance in Mail Policies > Mail Flow Policies. For more information on rate limiting, 
see the documentation or online help for your Email Security appliance. 
Outbreak Filters Page
The Email > Reporting > Outbreak Filters page shows information about recent outbreaks and 
messages quarantined due to Outbreak Filters. You can use this page to monitor your defense against 
targeted virus, scam, and phishing attacks.
Use the Outbreak Filters page to answer the following types of questions:
How many messages are quarantined and by which Outbreak Filters rule?
How much lead time has the Outbreak Filters feature been providing for virus outbreaks?
How do the local outbreaks compare to the global outbreaks?
How long do messages stay in the Outbreak Quarantine? 
Which potentially malicious URLs are most frequently seen? 
The Threats By Type section shows the different types of threat messages received by the appliance. The 
Threat Summary section shows a breakdown of the messages by Virus, Phish, and Scam. 
The Past Year Outbreak Summary lists global as well as local outbreaks over the past year, allowing you 
to compare local network trends to global trends. The listing of global outbreaks is a superset of all 
outbreaks, both viral and non-viral, whereas local outbreaks are limited to virus outbreaks that have 
affected your appliance. Local outbreak data does not include non-viral threats. Global outbreak data 
represents all outbreaks detected by the Threat Operations Center which exceeded the currently 
configured threshold for the outbreak quarantine. Local outbreak data represents all virus outbreaks 
detected on this appliance which exceeded the currently configured threshold for the outbreak 
quarantine. The Total Local Protection Time is always based on the difference between when each virus 
outbreak was detected by the Threat Operations Center and the release of an anti-virus signature by a 
major vendor. Note that not every global outbreak affects your appliance. A value of “--” indicates either 
that a protection time does not exist or that the signature times were not available from the anti-virus 
vendors (some vendors may not report signature times). This does not indicate a protection time of zero; 
rather, it means that the information required to calculate the protection time is not available.
The Quarantined Messages section summarizes Outbreak Filters quarantining, and is a useful gauge of 
how many potential threat messages Outbreak Filters are catching. Quarantined messages are counted at 
the time of release. Typically, messages will be quarantined before anti-virus and anti-spam rules are 
available. When released, they will be scanned by the anti-virus and anti-spam software and determined 
to be positive or clean. Because of the dynamic nature of Outbreak tracking, the rule under which a 
message is quarantined (and even the associated outbreak) may change while the message is in the 
quarantine. Counting the messages at the time of release (rather than the time of entry into the 
quarantine) avoids the confusion of having counts that increase and decrease.