Cisco Cisco Web Security Appliance S160 Guia Do Utilizador
14-8
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 14 File Reputation Filtering and File Analysis
File Reputation and File Analysis Reporting and Tracking
In most reports, files are listed by their SHA-256 value (in an abbreviated format). To identify the
filenames associated with a malware instance in your organization, select Reporting >
Advanced Malware Protection and click an SHA-256 link in the table. The details page shows associated
filenames.
filenames associated with a malware instance in your organization, select Reporting >
Advanced Malware Protection and click an SHA-256 link in the table. The details page shows associated
filenames.
File Reputation and File Analysis Report Pages
Report Description
Advanced Malware
Protection
Protection
Shows file-based threats that were identified by the file reputation service.
To see the users who tried to access each SHA, and the filenames associated
with that SHA-256, click a SHA-256 in the table.
with that SHA-256, click a SHA-256 in the table.
Clicking the link at the bottom of Malware Threat File Details report page
displays all instances of the file in Web Tracking that were encountered
within the maximum available time range, regardless of the time range
selected for the report.
displays all instances of the file in Web Tracking that were encountered
within the maximum available time range, regardless of the time range
selected for the report.
For files with changed verdicts, see the AMP Verdict updates report. Those
verdicts are not reflected in the Advanced Malware Protection report.
verdicts are not reflected in the Advanced Malware Protection report.
Note
File Analysis
Displays the time and verdict (or interim verdict) for each file sent for
analysis.
analysis.
To view more than 1000 File Analysis results, export the data as a .csv file.
Drill down to view detailed analysis results, including the threat
characteristics and score for each file.
characteristics and score for each file.
You can also view additional details about an SHA directly on the server that
performed the analysis by searching for the SHA or by clicking link at the
bottom of the file analysis details page.
performed the analysis by searching for the SHA or by clicking link at the
bottom of the file analysis details page.
AMP Verdict Updates
Lists the files processed by this appliance for which the verdict has changed
since the transaction was processed. For information about this situation, see
since the transaction was processed. For information about this situation, see
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report
shows only the latest verdict, not the verdict history.
shows only the latest verdict, not the verdict history.
Clicking an SHA-256 link displays web tracking results for all transactions
that included this SHA-256 within the maximum available time range,
regardless of the time range selected for the report.
that included this SHA-256 within the maximum available time range,
regardless of the time range selected for the report.
To view all affected transactions for a particular SHA-256 within the
maximum available time range (regardless of the time range selected for the
report) click the link at the bottom of the Malware Threat Files page.
maximum available time range (regardless of the time range selected for the
report) click the link at the bottom of the Malware Threat Files page.