Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
4-29
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
If you use an HTTPS proxy, the proxy must not decrypt the traffic; use a pass-through mechanism for
communications with the File Analysis server. The proxy server must trust the certificate from the Fire
Analysis server, but need not provide its own certificate to the File Analysis server.
communications with the File Analysis server. The proxy server must trust the certificate from the Fire
Analysis server, but need not provide its own certificate to the File Analysis server.
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
In order to allow all content security appliances in your organization to display detailed results in the
cloud about files sent for analysis from any Cisco Email Security appliance or Cisco Web Security
appliance in your organization, you need to join all appliances to the same appliance group.
cloud about files sent for analysis from any Cisco Email Security appliance or Cisco Web Security
appliance in your organization, you need to join all appliances to the same appliance group.
Step 1
Select Management Appliance > Centralized Services > Security Appliances.
Step 2
Scroll to the File Analysis section.
Step 3
If your managed appliances are pointed at different File Analysis cloud servers, select the server from
which to display result details.
which to display result details.
Result details will not be available for files processed by any other cloud server.
Step 4
Enter the Analysis Group ID.
•
If you enter the Group ID incorrectly or need to change it for any other reason, you must open a case
with Cisco TAC.
with Cisco TAC.
•
This change takes effect immediately; it does not require a Commit.
•
It is suggested to use your CCOID for this value.
•
This value is case-sensitive.
•
This value must be identical on all appliances that will share data about files that are uploaded for
analysis.
analysis.
•
An appliance can belong to only one group.
•
You can add a machine to a group at any time, but you can add it only once.
Step 5
Click Group Now.
Step 6
Configure the same group on each Email Security appliance that will share data with this appliance.
(On-Premises File Analysis) Activate the File Analysis Account
If you have deployed an on-premises (private cloud) Cisco AMP Threat Grid Appliance, you must
activate the File Analysis account for your Cisco Content Security Management appliance in order to
view report details available on the Threat Grid appliance. You generally only need to do this once.
activate the File Analysis account for your Cisco Content Security Management appliance in order to
view report details available on the Threat Grid appliance. You generally only need to do this once.
Before You Begin
Ensure that you are receiving System alerts at Critical level.
Procedure
Step 1
The first time you attempt to access File Analysis report details from the Threat Grid appliance, wait a
few minutes and you will receive an alert that includes a link.
few minutes and you will receive an alert that includes a link.
If you do not receive this alert, go to Management Appliance > System Administration > Alerts and
click View Top Alerts.
click View Top Alerts.
Step 2
Click the link in the alert message.