Cisco Cisco Email Security Appliance C160 Mode D'Emploi
27-17
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 27 Using Email Security Monitor
Email Security Monitor Pages
You can click the name of the content filter in the listing to view more information about that filter on
the Content Filter detail page.
the Content Filter detail page.
Content Filter Details
The Content Filter detail page displays matches for that filter over time, as well as matches by internal
user.
user.
In the Matches by Internal User section, you can click the name of a user to view that internal user’s
(email address) Internal User details page (see
(email address) Internal User details page (see
).
The DMARC Verification Page
The DMARC Verification page shows the top domains that failed DMARC verification and the details
of actions AsyncOS performed on the messages that failed DMARC verification. You can use this report
to fine-tune your DMARC settings and answer these kinds of questions:
of actions AsyncOS performed on the messages that failed DMARC verification. You can use this report
to fine-tune your DMARC settings and answer these kinds of questions:
•
Which are the domains that sent maximum number of messages that are not DMARC compliant?
•
For each domain, what are the actions AsyncOS performed on the messages that failed DMARC
verification?
verification?
The DMARC Verification page contains:
•
A bar chart showing top domains by DMARC verification failures.
•
Tabular representation of the following, for each domain:
–
Number of messages that were rejected, quarantined, or accepted without taking any action.
Click on the number to view a list of messages under the selected category.
Click on the number to view a list of messages under the selected category.
–
Number messages that passed DMARC verification.
–
Total number of DMARC verification attempts.
You can select a time range on which to report, such as an hour, a week, or a custom range. As with all
reports, you can export the data for the graphs or the details listing to CSV format via the Export link
or PDF format by clicking the Printable (PDF) link.
reports, you can export the data for the graphs or the details listing to CSV format via the Export link
or PDF format by clicking the Printable (PDF) link.
The Outbreak Filters Page
The Outbreak Filters page shows the current status and configuration of Outbreak Filters on your
appliance as well as information about recent outbreaks and messages quarantined due to Outbreak
Filters. You can use this page to monitor your defense against targeted virus, scam, and phishing attacks.
appliance as well as information about recent outbreaks and messages quarantined due to Outbreak
Filters. You can use this page to monitor your defense against targeted virus, scam, and phishing attacks.
The Threats By Type section shows the different types of threat messages received by the appliance. The
Threat Summary section shows a breakdown of the messages by Virus, Phish, and Scam.
Threat Summary section shows a breakdown of the messages by Virus, Phish, and Scam.
The Past Year Outbreak Summary lists global as well as local outbreaks over the past year, allowing you
to compare local network trends to global trends. The listing of global outbreaks is a superset of all
outbreaks, both viral and non-viral, whereas local outbreaks are limited to virus outbreaks that have
affected your appliance. Local outbreak data does not include non-viral threats. Global outbreak data
represents all outbreaks detected by the Threat Operations Center which exceeded the currently
configured threshold for the outbreak quarantine. Local outbreak data represents all virus outbreaks
detected on this appliance which exceeded the currently configured threshold for the outbreak
quarantine. The Total Local Protection Time is always based on the difference between when each virus
outbreak was detected by the Threat Operations Center and the release of an anti-virus signature by a
to compare local network trends to global trends. The listing of global outbreaks is a superset of all
outbreaks, both viral and non-viral, whereas local outbreaks are limited to virus outbreaks that have
affected your appliance. Local outbreak data does not include non-viral threats. Global outbreak data
represents all outbreaks detected by the Threat Operations Center which exceeded the currently
configured threshold for the outbreak quarantine. Local outbreak data represents all virus outbreaks
detected on this appliance which exceeded the currently configured threshold for the outbreak
quarantine. The Total Local Protection Time is always based on the difference between when each virus
outbreak was detected by the Threat Operations Center and the release of an anti-virus signature by a