Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 8.5 for Email User Guide
 
Chapter 14 Outbreak Filters
This functionality is also available via the quarantineconfig -> outbreakmanage CLI command. For 
more information, see the Cisco AsyncOS CLI Reference Guide.
Monitoring Outbreak Filters
The appliance includes several tools to monitor the performance and activity of the Outbreak Filters 
feature.
Outbreak Filters Report
Use the Outbreak Filters report to view the current status and configuration of Outbreak Filters on your 
appliance as well as information about recent outbreaks and messages quarantined due to Outbreak 
Filters. View this information on the Monitor > Outbreak Filters page. For more information, see the 
“Email Security Monitor” chapter.
Outbreak Filters Overview and Rules Listing
The overview and rules listing provide useful information about the current status of the Outbreak Filters 
feature. View this information via the Security Services > Outbreak Filters page.
Outbreak Quarantine
Use the outbreak quarantine to monitor how many messages are being flagged by your Outbreak Filters 
threat level threshold. Also available is a listing of quarantined messages by rule. For information, see 
Alerts, SNMP Traps, and Outbreak Filters
The Outbreak Filters feature supports two different types of notifications: regular AsyncOS alerts and 
SNMP traps.
SNMP traps are generated when a rule update fails. For more information about SNMP traps in 
AsyncOS, see the “Managing and Monitoring via the CLI” chapter.
AsyncOS has two types of alerts for the Outbreak Filters feature: size and rule.
AsyncOS alerts are generated whenever the Outbreak quarantine’s size goes above 5%, 50%, 75%, and 95% of 
the maximum size. The alert generated for the 95% threshold has a severity of CRITICAL, while the 
remaining alert thresholds are WARNING. Alerts are generated when the threshold is crossed as the 
quarantine size increases. Alerts are not generated when thresholds are crossed as the quarantine size 
decreases. For more information about alerts, see 
AsyncOS also generates alerts when rules are published, the threshold changes, or when a problem 
occurs while updating rules or the CASE engine.
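
The size-alert rule described above, modelled as an added example for anyone writing a monitoring consumer for these alerts; it is not part of the Cisco guide and is not AsyncOS code. The function names and sample sizes are constructed, and the assumptions the guide does not state are listed in the docstring.

```python
# Added illustration: a model of the documented size-alert rule, not AsyncOS code.
THRESHOLDS = (5, 50, 75, 95)  # percent of maximum quarantine size, from the guide


def severity(threshold):
    """The 95% threshold is CRITICAL; the remaining thresholds are WARNING."""
    return "CRITICAL" if threshold == 95 else "WARNING"


def size_alerts(samples, max_size):
    """Return (sample_index, threshold, severity) for every rising crossing.

    samples -- successive quarantine sizes, in the same unit as max_size.
    Assumptions (not stated in the guide): the quarantine starts empty, a
    jump past several thresholds raises one alert per threshold, and a
    threshold can alert again after the size has dropped back below it.
    """
    alerts = []
    prev_pct = 0.0
    for i, size in enumerate(samples):
        pct = 100.0 * size / max_size
        if pct > prev_pct:  # only growth can raise an alert
            for t in THRESHOLDS:
                # "goes above": previously at or below t, now strictly above it
                if prev_pct <= t < pct:
                    alerts.append((i, t, severity(t)))
        prev_pct = pct
    return alerts


if __name__ == "__main__":
    # Constructed sample: sizes in MB against a 1000 MB quarantine.
    constructed = [30, 60, 520, 800, 400, 760, 960, 900, 970]
    for idx, t, sev in size_alerts(constructed, 1000):
        print(f"sample {idx}: {sev} quarantine above {t}% of maximum")
```

The drop from 800 to 400 produces no alert, while the later climb back to 760 crosses the 50% and 75% thresholds again.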