Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
29-17
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 29 Using Email Security Monitor
Email Security Monitor Pages
•
Who is sending the most external email?
•
Who receives the most clean email?
•
Who receives the most number of graymail messages?
•
Who receives the most spam?
•
Who is triggering which content filters?
•
Whose email is getting caught by content filters?
Inbound Internal Users are the users for which you received email, based on the Rcpt To: address.
Outbound Internal Users are based on the Mail From: address and are useful when tracking the types of
email that senders on your internal network are sending.
Outbound Internal Users are based on the Mail From: address and are useful when tracking the types of
email that senders on your internal network are sending.
Note that some outbound mail (like bounces) have a null sender. They are counted under outbound and
“unknown.”
“unknown.”
Click on an internal user to view the Internal User detail page for that user.
Click the Columns link below the table to show columns that are hidden by default, such as the Incoming
Detected by Advanced Malware Protection column.
Detected by Advanced Malware Protection column.
Related Topics
•
•
Internal User Details
The Internal User detail page shows detailed information about the specified user, including a breakdown
of incoming and outgoing messages showing the number of messages in each category (spam detected,
virus detected, detected by Advanced Malware Protection, stopped by content filter, graymail detected,
and clean). Optionally, for incoming messages, you can click the Columns link below the table to show
the Incoming Detected by Advanced Malware Protection column. This value reflects the number
messages that contained attachments that were determined by file reputation filtering to be malicious. It
does not include verdict updates or files found to be malicious by file analysis. Incoming and outgoing
content filter and DLP policy matches are also shown.
of incoming and outgoing messages showing the number of messages in each category (spam detected,
virus detected, detected by Advanced Malware Protection, stopped by content filter, graymail detected,
and clean). Optionally, for incoming messages, you can click the Columns link below the table to show
the Incoming Detected by Advanced Malware Protection column. This value reflects the number
messages that contained attachments that were determined by file reputation filtering to be malicious. It
does not include verdict updates or files found to be malicious by file analysis. Incoming and outgoing
content filter and DLP policy matches are also shown.
Click on a content filter name to view detailed information for that filter in the corresponding content
filter information page (see
filter information page (see
). You can use this method to get a list of
users who also sent or received mail that matched that particular content filter.
Searching for a Specific Internal User
You can search for a specific internal user (email address) via the search form at the bottom of the
Internal Users page and the Internal User detail page. Choose whether to exactly match the search text
or look for items starting with the entered text (for instance, starts with “ex” will match “example.com”).
Internal Users page and the Internal User detail page. Choose whether to exactly match the search text
or look for items starting with the entered text (for instance, starts with “ex” will match “example.com”).
DLP Incidents Page
The DLP Incidents page shows information on the incidents of data loss prevention (DLP) policy
violations occurring in outgoing mail. The appliance uses the DLP email policies enabled in the
Outgoing Mail Policies table to detect sensitive data sent by your users. Every occurrence of an outgoing
message violating a DLP policy is reported as an incident.
violations occurring in outgoing mail. The appliance uses the DLP email policies enabled in the
Outgoing Mail Policies table to detect sensitive data sent by your users. Every occurrence of an outgoing
message violating a DLP policy is reported as an incident.