Cisco Cisco Content Security Management Appliance M160 사용자 가이드
6-8
AsyncOS 8.3.6 for Cisco Content Security Management User Guide
Chapter 6 Tracking Email Messages
Understanding Tracking Query Results
•
Verdict updates are available only in the AMP Verdict Updates report. The original message details
in Message Tracking are not updated with verdict changes. To see messages that have a particular
attachment, click a SHA-256 in the verdict updates report.
in Message Tracking are not updated with verdict changes. To see messages that have a particular
attachment, click a SHA-256 in the verdict updates report.
•
Information about File Analysis, including analysis results and whether or not a file was sent for
analysis, are available only in the File Analysis report.
analysis, are available only in the File Analysis report.
Additional information about an analyzed file may be available from the cloud. To view any
available File Analysis information for a file, select Monitor > File Analysis and enter the SHA-256
to search for the file. If the File Analysis service has analyzed the file from any source, you can see
the details. Results are displayed only for files that have been analyzed.
available File Analysis information for a file, select Monitor > File Analysis and enter the SHA-256
to search for the file. If the File Analysis service has analyzed the file from any source, you can see
the details. Results are displayed only for files that have been analyzed.
If the appliance processed a subsequent instance of a file that was sent for analysis, those instances
will appear in Message Tracking search results.
will appear in Message Tracking search results.
Related Topics
•
Understanding Tracking Query Results
If results are not what you expected, see
.
Tracking query results list all of the messages that match the criteria specified in the tracking query.
Except for the Message Event options, the query conditions are added with an “AND” operator. The
messages in the result set must satisfy all of the “AND” conditions. For example, if you specify that the
envelope sender begins with
Except for the Message Event options, the query conditions are added with an “AND” operator. The
messages in the result set must satisfy all of the “AND” conditions. For example, if you specify that the
envelope sender begins with
J
and you specify that the subject begins with
T
, the query returns a message
only if both conditions are true for that message.
To view detailed information about a message, click the Show Details link for that message. For more
information, see the
information, see the
.
Note
•
Messages with 50 or more recipients will not appear in tracking query results. This issue will be
resolved in a future release.
resolved in a future release.
•
You can choose to display up to 1000 search results when you specify your query. To view up to
50,000 messages that match your criteria, click the Export All link above the search results section
and open the resulting .csv file in another application.
50,000 messages that match your criteria, click the Export All link above the search results section
and open the resulting .csv file in another application.
•
If you clicked a link in a report page to view message details in Message Tracking, and the results
are unexpected, this can occur if reporting and tracking were not both simultaneously and
continuously enabled during the time period you are reviewing.
are unexpected, this can occur if reporting and tracking were not both simultaneously and
continuously enabled during the time period you are reviewing.
•
For information about printing or exporting message tracking search results, see
Message Details
To view detailed information about a particular email message, including the message header
information and processing details, click Show Details for any item in the search results list. A new
window opens with the message details.
information and processing details, click Show Details for any item in the search results list. A new
window opens with the message details.
The message details include the following sections: