Cisco Cisco Email Security Appliance C160 Guida Utente
16-8
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 16 File Reputation Filtering and File Analysis
File Reputation and File Analysis Reporting and Tracking
•
•
Configuring Centralized Reporting for Advanced Malware Protection Features
If you will centralize reporting on a Security Management appliance, see important configuration
requirements in the Advanced Malware Protection sections in the email reporting chapter of the online
help or user guide for your management appliance.
requirements in the Advanced Malware Protection sections in the email reporting chapter of the online
help or user guide for your management appliance.
File Reputation and File Analysis Reporting and Tracking
•
•
•
•
Identifying Files by SHA-256 Hash
Because filenames can easily be changed, the appliance generates an identifier for each file using a
Secure Hash Algorithm (SHA-256). If an appliance processes the same file with different names, all
instances are recognized as the same SHA-256. If multiple appliances process the same file, all instances
of the file have the same SHA-256 identifier.
Secure Hash Algorithm (SHA-256). If an appliance processes the same file with different names, all
instances are recognized as the same SHA-256. If multiple appliances process the same file, all instances
of the file have the same SHA-256 identifier.
In most reports, files are listed by their SHA-256 value (in an abbreviated format).
File Reputation and File Analysis Report Pages
Report Description
Advanced Malware
Protection
Protection
Shows file-based threats that were identified by the file reputation service.
For files with changed verdicts, see the AMP Verdict updates report. Those
verdicts are not reflected in the Advanced Malware Protection report.
verdicts are not reflected in the Advanced Malware Protection report.