Cisco Content Security Management Appliance M1070 User Guide

AsyncOS 9.5.x for Cisco Content Security Management Appliances User Guide
 
Chapter 4: Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
File Reputation and File Analysis Report Pages 
Viewing File Reputation Filtering Data in Other Reports 
Data for file reputation and analysis is available in other reports where relevant. A Detected by Advanced 
Malware Protection column may be hidden by default in applicable reports. To display additional 
columns, click the Columns link at the bottom of the table. 

Report: Advanced Malware Protection
Description: Shows file-based threats that were identified by the file reputation service. For files with changed verdicts, see the AMP Verdict Updates report. Those verdicts are not reflected in the Advanced Malware Protection report.

Report: File Analysis
Description: Displays the time and verdict (or interim verdict) for each file sent for analysis. The appliance checks for analysis results every 30 minutes.
To view more than 1000 File Analysis results, export the data as a .csv file.
For deployments with an on-premises Cisco AMP Threat Grid Appliance: Files that are whitelisted on the AMP Threat Grid appliance show as "clean." For information about whitelisting, see the AMP Threat Grid documentation or online help.
Drill down to view detailed analysis results, including the threat characteristics for each file.
You can also search for additional information about an SHA, or click the link at the bottom of the file analysis details page to view additional details on the server that analyzed the file.
To view details on the server that analyzed a file, see

Report: AMP Verdict Updates
Description: Because Advanced Malware Protection is focused on targeted and zero-day threats, threat verdicts can change as aggregated data provides more information.
The AMP Verdict Updates report lists the files processed by this appliance for which the verdict has changed since the message was received. For more information about this situation, see the documentation for your Email Security appliance.
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report shows only the latest verdict, not the verdict history.
To view all affected messages for a particular SHA-256 within the maximum available time range (regardless of the time range selected for the report), click a SHA-256 link.