Cisco Cisco Content Security Management Appliance M1070 ユーザーガイド
4-52
Cisco IronPort AsyncOS 8.0 for Security Management User Guide
Chapter 4 Using Centralized Email Security Reporting
Additional Report Types
Two special reports that can be generated in the Email > Reporting section on the Security Management
appliance are:
appliance are:
•
•
Domain-Based Executive Summary Report
The Domain-Based Executive Summary report provides a synopsis of the incoming and outgoing
message activity for one or more domains in your network. It is similar to the Executive Summary report,
but it limits the report data to the messages sent to and from the domains that you specify. If multiple
domains are specified, the appliance aggregates the data for all those domains into a single report. Unlike
other scheduled reports, Domain-Based Executive Summary reports are not archived.
message activity for one or more domains in your network. It is similar to the Executive Summary report,
but it limits the report data to the messages sent to and from the domains that you specify. If multiple
domains are specified, the appliance aggregates the data for all those domains into a single report. Unlike
other scheduled reports, Domain-Based Executive Summary reports are not archived.
Because messages blocked by reputation filtering do not enter the work queue, AsyncOS does not
process these messages to determine the domain destination. An algorithm estimates the number of
rejected messages per domain. To determine the exact number of blocked messages per domain, you can
delay HAT rejections on the Cisco IronPort Security Management appliance until the messages reach the
recipient level (RCPT TO). This allows AsyncOS to collect recipient data from the incoming messages.
You can delay rejections using listenerconfig -> setup command on the Cisco IronPort Email Security
appliance. However, this option can impact system performance. For more information about delayed
HAT rejections, see the documentation for Cisco IronPort AsyncOS for Email Security.
process these messages to determine the domain destination. An algorithm estimates the number of
rejected messages per domain. To determine the exact number of blocked messages per domain, you can
delay HAT rejections on the Cisco IronPort Security Management appliance until the messages reach the
recipient level (RCPT TO). This allows AsyncOS to collect recipient data from the incoming messages.
You can delay rejections using listenerconfig -> setup command on the Cisco IronPort Email Security
appliance. However, this option can impact system performance. For more information about delayed
HAT rejections, see the documentation for Cisco IronPort AsyncOS for Email Security.
Note
To see Stopped by Reputation Filtering results in your Domain-Based Executive Summary report on the
Security Management appliance, you must have hat_reject_info enabled on both the Email Security
appliance and the Security Management appliance.
Security Management appliance, you must have hat_reject_info enabled on both the Email Security
appliance and the Security Management appliance.
To enable the hat_reject_info on the Security Management appliance, run the reportingconfig >
domain > hat_reject_info command.
To enable the hat_reject_info on the Security Management appliance, run the reportingconfig >
domain > hat_reject_info command.
To generate reports for a subdomain, you must add its parent domain as a second-level domain in the
reporting system of the Email Security appliance and the Security Management appliance. For example,
if you add example.com as a second-level domain, its subdomains, such as subdomain.example.com, are
available for reporting. To add second-level domains, use reportingconfig -> mailsetup -> tld
reporting system of the Email Security appliance and the Security Management appliance. For example,
if you add example.com as a second-level domain, its subdomains, such as subdomain.example.com, are
available for reporting. To add second-level domains, use reportingconfig -> mailsetup -> tld
in the
Email Security appliance CLI, and reportingconfig -> domain -> tld in the Security Management
appliance CLI.
appliance CLI.
To create a Domain-Based Executive Summary report:
Procedure
Step 1
On the Security Management appliance, you can schedule the report or generate the report immediately.
To schedule the report:
a.
Choose Email > Reporting > Scheduled Reports.
b.
Click Add Scheduled Report.
To create an on-demand report:
a.
Choose Email > Reporting > Archived Reports.