Cisco Cisco Web Security Appliance S170 사용자 가이드
23-12
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 23 Web Security Appliance Reports
URL Categories Page
URL Category Set Updates and Reports
The set of predefined URL categories may periodically be updated automatically on your Web Security
appliance, as described in
appliance, as described in
.
When these updates occur, old category names will continue to appear in reports until the data associated
with the older categories is too old to be included in reports. Report data generated after a URL category
set update will use the new categories, so you may see both old and new categories in the same report.
with the older categories is too old to be included in reports. Report data generated after a URL category
set update will use the new categories, so you may see both old and new categories in the same report.
If there is overlap between the contents of old and new categories, you may need to examine report
results more carefully to obtain valid statistics. For example, if the “Instant Messaging” and “Web-based
Chat” categories have been merged into a single “Chat and Instant Messaging” category during the time
frame that you are looking at, visits before the merge to sites covered by the “Instant Messaging” and
“Web-based Chat” categories are not counted in the total for “Chat and Instant Messaging”. Likewise,
visits to instant messaging or Web-based chat sites after the merge would not be included in the totals
for the “Instant Messaging” or “Web-based Chat” categories.
results more carefully to obtain valid statistics. For example, if the “Instant Messaging” and “Web-based
Chat” categories have been merged into a single “Chat and Instant Messaging” category during the time
frame that you are looking at, visits before the merge to sites covered by the “Instant Messaging” and
“Web-based Chat” categories are not counted in the total for “Chat and Instant Messaging”. Likewise,
visits to instant messaging or Web-based chat sites after the merge would not be included in the totals
for the “Instant Messaging” or “Web-based Chat” categories.
Using The URL Categories Page in Conjunction with Other Reporting Pages
One of the advantages of the URL Categories page is that it can be used in conjunction with the
and the
to investigate a particular user, but also what types of
applications or websites that a particular user is trying to access.
Top URL Categories by Blocked and
Warned Transactions
Warned Transactions
This section lists the top URL that triggered a block or warning
action to occur per transaction in a graph format. For example, a
user went to a certain URL and because of a specific policy that
is in place, this triggered a block action or a warning. This URL
then gets listed in this graph as a transaction blocked or warning.
action to occur per transaction in a graph format. For example, a
user went to a certain URL and because of a specific policy that
is in place, this triggered a block action or a warning. This URL
then gets listed in this graph as a transaction blocked or warning.
URL Categories Matched
The URL Categories Matched section shows the disposition of
transactions by URL category during the specified time range,
plus bandwidth used and time spent in each category.
transactions by URL category during the specified time range,
plus bandwidth used and time spent in each category.
If the percentage of uncategorized URLs is higher than 15-20%,
consider the following options:
consider the following options:
•
For specific localized URLs, you can create custom URL
categories and apply them to specific users or group policies.
For more information, see the
categories and apply them to specific users or group policies.
For more information, see the
•
You can report uncategorized and misclassified and URLs to
the Cisco for evaluation and database update. See
the Cisco for evaluation and database update. See
.
•
Verify that Web Reputation Filtering and Anti-Malware
Filtering are enabled. Often times, the correlation between
malware and URLs with suspect content is high and it is
likely that they may get caught by subsequent filters. The
system pipeline is set up to catch malicious traffic with other
downstream filters if URL filtering does not have a verdict.
Filtering are enabled. Often times, the correlation between
malware and URLs with suspect content is high and it is
likely that they may get caught by subsequent filters. The
system pipeline is set up to catch malicious traffic with other
downstream filters if URL filtering does not have a verdict.
Table 23-5
URL Categories Report Page Components (continued)
Section
Description