Cisco Cisco Content Security Management Appliance M1070 Mode D'Emploi
5-25
AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
Viewing File Reputation Filtering Data in Other Reports
Data for file reputation and analysis is available in other reports where relevant. A "Blocked by
Advanced Malware Protection" column may be hidden by default in applicable reports. To display
additional columns, click the Columns link below the table.
Advanced Malware Protection" column may be hidden by default in applicable reports. To display
additional columns, click the Columns link below the table.
The Report by User Location includes an Advanced Malware Protection tab.
For Which Files Are Detailed File Analysis Results Visible in the Cloud?
If you have deployed public-cloud File Analysis, you can view detailed results for all files uploaded from
any managed appliance that has been added to the appliance group for File Analysis.
any managed appliance that has been added to the appliance group for File Analysis.
File Analysis
Displays the time and verdict (or interim verdict) for each file sent for
analysis. The appliance checks for analysis results every 30 minutes.
analysis. The appliance checks for analysis results every 30 minutes.
To view more than 1000 File Analysis results, export the data as a .csv file.
For deployments with an on-premises Cisco AMP Threat Grid Appliance:
Files that are whitelisted on the Cisco AMP Threat Grid appliance show as
"clean." For information about whitelisting, see the AMP Threat Grid online
help.
Files that are whitelisted on the Cisco AMP Threat Grid appliance show as
"clean." For information about whitelisting, see the AMP Threat Grid online
help.
Drill down to view detailed analysis results, including the threat
characteristics and score for each file.
characteristics and score for each file.
You can also view additional details about an SHA directly on the server that
performed the analysis by searching for the SHA or by clicking the Cisco
AMP Threat Grid link at the bottom of the file analysis details page.
performed the analysis by searching for the SHA or by clicking the Cisco
AMP Threat Grid link at the bottom of the file analysis details page.
To view details on the server that analyzed a file, see
If a file extracted from a compressed or archived file is sent for analysis, only
the SHA value of the extracted file is included in the File Analysis report.
the SHA value of the extracted file is included in the File Analysis report.
AMP Verdict Updates
Lists the files processed by this appliance for which the verdict has changed
since the transaction was processed. For more information about this
situation, see the documentation for your Web Security appliance.
since the transaction was processed. For more information about this
situation, see the documentation for your Web Security appliance.
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report
shows only the latest verdict, not the verdict history.
shows only the latest verdict, not the verdict history.
If multiple Web Security appliances have different verdict updates for the
same file, the result with the latest time stamp is displayed.
same file, the result with the latest time stamp is displayed.
Clicking an SHA-256 link displays web tracking results for all transactions
that included this SHA-256 within the maximum available time range,
regardless of the time range selected for the report.
that included this SHA-256 within the maximum available time range,
regardless of the time range selected for the report.
To view all affected transactions for a particular SHA-256 within the
maximum available time range (regardless of the time range selected for the
report), click the link at the bottom of the Malware Threat Files page.
maximum available time range (regardless of the time range selected for the
report), click the link at the bottom of the Malware Threat Files page.
Report Description