Cisco Cisco Email Security Appliance C160 Mode D'Emploi
28-18
Cisco AsyncOS 9.1 for Email User Guide
Chapter 28 Using Email Security Monitor
Email Security Monitor Pages
•
Who is sending these messages?
The DLP Incidents page is comprised of two main sections:
•
the DLP incident trend graphs summarizing the top DLP incidents by severity (Low, Medium, High,
Critical) and policy matches, and
Critical) and policy matches, and
•
the DLP Incidents Details listing.
You can select a time range on which to report, such as an hour, a week, or a custom range. As with all
reports, you can export the data for the graphs or the details listing to CSV format via the Export link
or PDF format by clicking the Printable (PDF) link. For information about generating PDFs in
languages other than English, see the
reports, you can export the data for the graphs or the details listing to CSV format via the Export link
or PDF format by clicking the Printable (PDF) link. For information about generating PDFs in
languages other than English, see the
Click on the name of a DLP policy to view detailed information on the DLP incidents detected by the
policy. You can use this method to get a list of users who sent mail that contained sensitive data detected
by the policy.
policy. You can use this method to get a list of users who sent mail that contained sensitive data detected
by the policy.
Related Topics
•
•
DLP Incidents Details
The DLP policies currently enabled in the appliance’s outgoing mail policies are listed in the DLP
Incidents Details table at the bottom of the DLP Incidents page. Click on the name of a DLP policy to
view more detailed information.
Incidents Details table at the bottom of the DLP Incidents page. Click on the name of a DLP policy to
view more detailed information.
The DLP Incidents Details table shows the total number of DLP incidents per policy, with a breakdown
by severity level, and the number of messages delivered in the clear, delivered encrypted, or dropped.
Click on the column headings to sort the data.
by severity level, and the number of messages delivered in the clear, delivered encrypted, or dropped.
Click on the column headings to sort the data.
DLP Policy Detail Page
If you clicked the name of a DLP policy in the DLP Incidents Details table, the resulting DLP Policy
Detail page displays the DLP incidents data for the policy. The page displays graphs on the DLP
incidents based on severity.
Detail page displays the DLP incidents data for the policy. The page displays graphs on the DLP
incidents based on severity.
The page also includes an Incidents by Sender listing at the bottom of the page that lists each internal
user who has sent a message that violated the DLP policy. The listing also shows the total number of
DLP incidents for this policy per user, with a breakdown by severity level, and whether any of the
messages were delivered in the clear, delivered encrypted, or dropped. You can use the Incidents by
Sender listing to find out which users may be sending your organization’s sensitive data to people outside
your network.
user who has sent a message that violated the DLP policy. The listing also shows the total number of
DLP incidents for this policy per user, with a breakdown by severity level, and whether any of the
messages were delivered in the clear, delivered encrypted, or dropped. You can use the Incidents by
Sender listing to find out which users may be sending your organization’s sensitive data to people outside
your network.
Clicking on the sender name opens up the Internal Users page. See
more information.
Content Filters Page
The Content Filters page shows information about the top incoming and outgoing content filter matches
(which content filter had the most matching messages) in two forms: a bar chart and a listing. Using the
Content Filters page, you can review your corporate policies on a per-content filter or per-user basis and
answer questions like:
(which content filter had the most matching messages) in two forms: a bar chart and a listing. Using the
Content Filters page, you can review your corporate policies on a per-content filter or per-user basis and
answer questions like: