Cisco Cisco Web Security Appliance S170 Guida Utente
13-9
AsyncOS 8.6 for Cisco Web Security Appliances User Guide
Chapter 13 File Reputation Filtering and File Analysis
File Reputation and File Analysis Reporting and Tracking
File Reputation and File Analysis Report Pages
Report Description
Advanced Malware
Protection
Protection
Shows file-based threats that were identified by the file reputation service.
To see the users who tried to access each SHA, and the filenames associated
with that SHA-256, click a SHA-256 in the table.
with that SHA-256, click a SHA-256 in the table.
Clicking the link at the bottom of Malware Threat File Details report page
displays all instances of the file in Web Tracking that were encountered
within the maximum available time range, regardless of the time range
selected for the report.
displays all instances of the file in Web Tracking that were encountered
within the maximum available time range, regardless of the time range
selected for the report.
For files with changed verdicts, see the AMP Verdict updates report. Those
verdicts are not reflected in the Advanced Malware Protection report.
verdicts are not reflected in the Advanced Malware Protection report.
Note
If one of the extracted files from a compressed or an archive file is
malicious, only SHA value of the compressed or archive file is
included in the Advanced Malware Protection report.
malicious, only SHA value of the compressed or archive file is
included in the Advanced Malware Protection report.
File Analysis
Displays the time and verdict (or interim verdict) for each file sent for
analysis.
analysis.
To view more than 1000 File Analysis results, export the data as a .csv file.
Drill down to view detailed analysis results, including the threat
characteristics and score for each file.
characteristics and score for each file.
You can also search the cloud service for additional information about an
SHA. The link is on the result details page.
SHA. The link is on the result details page.
Note
If extracted files from a compressed or an archive file are sent for file
analysis, only SHA values of these extracted files are included in the
File Analysis report.
analysis, only SHA values of these extracted files are included in the
File Analysis report.
AMP Verdict Updates
Lists the files processed by this appliance for which the verdict has changed
since the transaction was processed. For information about this situation, see
since the transaction was processed. For information about this situation, see
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report
shows only the latest verdict, not the verdict history.
shows only the latest verdict, not the verdict history.
Clicking an SHA-256 link displays web tracking results for all transactions
that included this SHA-256 within the maximum available time range,
regardless of the time range selected for the report.
that included this SHA-256 within the maximum available time range,
regardless of the time range selected for the report.
To view all affected transactions for a particular SHA-256 within the
maximum available time range (regardless of the time range selected for the
report) click the link at the bottom of the Malware Threat Files page.
maximum available time range (regardless of the time range selected for the
report) click the link at the bottom of the Malware Threat Files page.