Cisco Content Security Management Appliance M1070 User Manual

AsyncOS 9.5.x for Cisco Content Security Management Appliances User Guide
 
Chapter 4: Using Centralized Email Security Reporting
  Understanding the Email Reporting Pages
Note
You can generate a scheduled report for the Internal Users page. See the 
Internal User Details Page
The Internal User detail page shows detailed information about a user, including a breakdown of 
incoming and outgoing messages showing the number of messages in each category (such as spam 
detected, virus detected, stopped by content filter, etc.). Incoming and outgoing content filter matches 
are also shown.
Inbound Internal Users are the users for whom you received email, based on the Rcpt To: address. 
Outbound Internal Users are based on the Mail From: address and are useful when tracking the types of 
email that senders on your internal network are sending.
Click a content filter name to view detailed information for that filter on the corresponding content filter 
information page (see 
). You can use this method to view a list of all users 
who sent or received mail that matched the particular content filter. 
Note
Some outbound mail (such as bounces) has a null sender. These messages are counted as outbound “unknown.”
Searching for a Specific Internal User
With the search form at the bottom of the Internal Users page and the Internal User detail page, you can 
search for a specific internal user (email address). Select whether to exactly match the search text or look 
for items starting with the entered text (for example, starts with “ex” will match 
“example@example.com”).
DLP Incidents 
The Email > Reporting > DLP Incidents (DLP Incident Summary) page shows information on the 
incidents of data loss prevention (DLP) policy violations occurring in outgoing mail. The Email Security 
appliance uses the DLP email policies enabled in the Outgoing Mail Policies table to detect sensitive 
data sent by your users. Every occurrence of an outgoing message violating a DLP policy is reported as 
an incident. 
Using the DLP Incident Summary report, you can answer these kinds of questions:
What type of sensitive data is being sent by your users?
How severe are these DLP incidents?
How many of these messages are being delivered?
How many of these messages are being dropped?
Who is sending these messages?
The DLP Incident Summary page contains two main sections: 
the DLP incident trend graphs summarizing the top DLP incidents by severity (Low, Medium, High, 
Critical) and policy matches, 
the DLP Incident Details listing