Cisco Content Security Management Appliance M1070 User Guide

AsyncOS 8.3.6 for Cisco Content Security Management User Guide
 
Chapter 5      Using Centralized Web Reporting and Tracking
  Web Reporting Page Descriptions
Viewing File Reputation Filtering Data in Other Reports 
Data for file reputation and analysis is available in other reports where relevant. A "Blocked by 
Advanced Malware Protection" column may be hidden by default in applicable reports. To display 
additional columns, click the Columns link below the table. 
The Report by User Location includes an Advanced Malware Protection tab. 
Client Malware Risk Report 
The Web > Reporting > Client Malware Risk page is a security-related reporting page that can be used 
to monitor client malware risk activity. 
From the Client Malware Risk page, a system administrator can see which users are encountering 
the most blocks or warnings. With this information, the administrator can click 
the user link to see what that user is doing on the web that causes so many blocks or 
warnings and sets off more detections than the rest of the users on the network. 
Additionally, the Client Malware Risk page lists client IP addresses involved in frequent malware 
connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to 
malware sites may be infected with malware that is trying to connect to a central command and control 
server and should be disinfected. 
Report: File Analysis
Description:
Displays the time and verdict (or interim verdict) for each file sent for analysis.
To view more than 1000 File Analysis results, export the data as a .csv file.
Drill down to view detailed analysis results, including the threat characteristics and score for each file.
You can also search the cloud service for additional information about an SHA. The link is on the result details page.
See also

Report: AMP Verdict Updates
Description:
Lists the files processed by this appliance for which the verdict has changed since the transaction was processed. For more information about this situation, see the documentation for your Web Security appliance.
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report shows only the latest verdict, not the verdict history.
If multiple Web Security appliances have different verdict updates for the same file, the result with the latest time stamp is displayed.
Clicking an SHA-256 link displays web tracking results for all transactions that included this SHA-256 within the maximum available time range, regardless of the time range selected for the report.
To view all affected transactions for a particular SHA-256 within the maximum available time range (regardless of the time range selected for the report), click the link at the bottom of the Malware Threat Files page.
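
The latest-verdict rule that the AMP Verdict Updates report applies, together with the verdict history it leaves out, worked over constructed rows as an added example (not Cisco's code). The column names, appliance names and verdict strings are assumptions, not the appliance's actual .csv export schema.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample standing in for exported verdict updates. Column names,
# appliance names and verdict strings are assumptions, not the real schema.
SAMPLE_CSV = """\
timestamp,appliance,sha256,verdict
2015-03-01T10:00:00,wsa-1,sha256-placeholder-A,Clean
2015-03-02T09:30:00,wsa-2,sha256-placeholder-A,Unknown
2015-03-01T12:00:00,wsa-1,sha256-placeholder-B,Unknown
2015-03-03T08:00:00,wsa-2,sha256-placeholder-B,Clean
2015-03-02T11:00:00,wsa-1,sha256-placeholder-A,Malicious
"""

def load_updates(text):
    """Parse the CSV text and convert each time stamp to a datetime."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
    return rows

def latest_verdicts(rows):
    """Report view: one row per SHA-256; the latest time stamp wins,
    whichever appliance reported it."""
    latest = {}
    for row in rows:
        current = latest.get(row["sha256"])
        if current is None or row["timestamp"] > current["timestamp"]:
            latest[row["sha256"]] = row
    return latest

def verdict_history(rows):
    """What the report does not show: every verdict per SHA-256, oldest first."""
    history = defaultdict(list)
    for row in sorted(rows, key=lambda r: r["timestamp"]):
        history[row["sha256"]].append(row["verdict"])
    return dict(history)

def turned_malicious(rows):
    """SHA-256 values now Malicious that earlier carried another verdict,
    so earlier transactions were judged under a different verdict."""
    latest = latest_verdicts(rows)
    return sorted(sha for sha, verdicts in verdict_history(rows).items()
                  if latest[sha]["verdict"] == "Malicious"
                  and set(verdicts[:-1]) - {"Malicious"})

if __name__ == "__main__":
    updates = load_updates(SAMPLE_CSV)
    for sha, row in latest_verdicts(updates).items():
        print(sha, row["verdict"], row["appliance"], verdict_history(updates)[sha])
    print("follow up in web tracking:", turned_malicious(updates))
```

The SHA-256 values returned by `turned_malicious` are the ones to look up in web tracking across the maximum available time range, as the report description explains.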