Cisco Cisco Web Security Appliance S170 사용자 가이드

 describes the information on the Web Reputation Filters page. 

The Reporting > L4 Traffic Monitor page is a security-related reporting page that displays information 
about malware ports and malware sites that the L4 Traffic Monitor has detected during the specified time 
range. It also displays IP addresses of clients that frequently encounter malware sites. 

The L4 Traffic Monitor listens to network traffic that comes in over all ports on the appliance and 
matches domain names and IP addresses against entries in its own database tables to determine whether 
to allow incoming and outgoing traffic. 

You can use data in this report to determine whether to block a port or a site, or to investigate why a 
particular client IP address is connecting unusually frequently to a malware site (for example, this could 
be because the computer associated with that IP address is infected with malware that is trying to connect 
to a central command and control server.) 

 shows the L4 Traffic Monitor page. 

A menu that allows to choose the time range of the data contained 
in the report. For more information, see the 

. 

This section, in graph format, displays the total number of web 
reputation actions (vertical) against the time specified (horizontal 
timeline). From this you can see potential trends over time for 
web reputation actions.

This section displays the web reputation action volume in 
percentages by transactions. 

This section displays the threat types that were blocked due to a 
low reputation score.

This section displays the threat types that resulted in a reputation 
score that indicated to scan the transaction. It shows both 
monitored and blocked transactions.

Web Reputation Actions  
(Breakdown by Score) 

This interactive table displays the web reputation scores broken 
down for each action.