Cisco Cisco Email Security Appliance C160 Mode D'Emploi
28-22
User Guide for AsyncOS 9.8 for Cisco Email Security Appliances
Chapter 28 Using Email Security Monitor
Email Security Monitor Pages
•
Only messages that are scanned by the URL filtering engine (either as part of anti-spam/outbreak
filter scanning or through message/content filters) are included in these modules. However, not all
of the results are necessarily specifically attributable to the URL Filtering feature.
filter scanning or through message/content filters) are included in these modules. However, not all
of the results are necessarily specifically attributable to the URL Filtering feature.
•
The Top URL Categories module includes all categories found in messages that have been scanned,
whether or not they match a content or message filter.
whether or not they match a content or message filter.
•
Each message can be associated with only one URL reputation level. For messages with multiple
URLs, the statistics reflect the lowest reputation of any URL in the message.
URLs, the statistics reflect the lowest reputation of any URL in the message.
•
URLs in the global whitelist configured at Security Services > URL Filtering are not included in
reports.
reports.
URLs in whitelists used in individual filters are included in reports.
•
Malicious URLs are URLs that Outbreak Filters have determined to have poor reputation. Neutral
URLs are those that Outbreak Filters have determined to require click-time protection. Neutral
URLs have therefore been rewritten to redirect them to the Cisco Web Security proxy.
URLs are those that Outbreak Filters have determined to require click-time protection. Neutral
URLs have therefore been rewritten to redirect them to the Cisco Web Security proxy.
•
Results of URL category-based filters are reflected in content and message filter reports.
•
Results of click-time URL evaluations by the Cisco Web Security proxy are not reflected in reports.
Web Interaction Tracking Page
•
Web Interaction Tracking report modules are populated only if the web interaction tracking feature
is enabled.
is enabled.
•
Web Interaction Tracking report modules are not updated in real-time and are refreshed every 30
minutes. Also, after clicking a rewritten URL, it may take up to two hours for the Web Interaction
Tracking report to report this event.
minutes. Also, after clicking a rewritten URL, it may take up to two hours for the Web Interaction
Tracking report to report this event.
•
Web Interaction Tracking report is not updated in real-time. After clicking a rewritten URL, it may
take up to two hours for the Web Interaction Tracking report to report this event.
take up to two hours for the Web Interaction Tracking report to report this event.
•
Web Interaction Tracking reports are available for incoming and outgoing messages.
•
Only rewritten URLs (either by policy or Outbreak Filter) clicked by the end users are included in
these modules.
these modules.
•
Web Interaction Tracking page includes the following reports:
Top Rewritten Malicious URLs clicked by End Users. Click on a URL to view a detailed report
that contains the following information:
that contains the following information:
–
A list of end users who clicked on the rewritten malicious URL.
–
Date and time at which the URL was clicked.
–
Whether the URL was rewritten by a policy or an outbreak filter.
–
Action taken (allow, block, or unknown) when the rewritten URL was clicked. Note that, if a
URL was rewritten by outbreak filter and the final verdict is unavailable, the status is shown as
unknown.
URL was rewritten by outbreak filter and the final verdict is unavailable, the status is shown as
unknown.
Top End Users who clicked on Rewritten Malicious URLs
Web Interaction Tracking Details. Includes the following information:
–
A list of all the rewritten URLs (malicious and unmalicious). Click on a URL to view a detailed
report.
report.
–
Action taken (allow, block, or unknown) when a rewritten URL was clicked.