Cisco Cisco Content Security Management Appliance M160 Guia Do Utilizador
4-27
AsyncOS 9.5.x for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
•
Results of click-time URL evaluations by the Cisco Web Security proxy are not reflected in reports.
Web Interaction Tracking Page
•
Web Interaction Tracking report modules are populated only if the Web Interaction Tracking feature
is enabled on managed Email Security appliances.
is enabled on managed Email Security appliances.
•
Web Interaction Tracking reports are available for incoming and outgoing messages.
•
Only rewritten URLs (either by policy or Outbreak Filter) clicked by the end users are included in
these modules.
these modules.
•
Web Interaction Tracking page includes the following reports:
Top Rewritten Malicious URLs clicked by End Users. Click on a URL to view a detailed report
that contains the following information:
that contains the following information:
–
A list of end users who clicked on the rewritten malicious URL.
–
Date and time at which the URL was clicked.
–
Whether the URL was rewritten by a policy or an outbreak filter.
–
Action taken (allow, block, or unknown) when the rewritten URL was clicked. Note that, if a
URL was rewritten by outbreak filter and the final verdict is unavailable, the status is shown as
unknown.
URL was rewritten by outbreak filter and the final verdict is unavailable, the status is shown as
unknown.
Top End Users who clicked on Rewritten Malicious URLs
Web Interaction Tracking Details. Includes the following information:
–
A list of all the rewritten URLs (malicious and unmalicious). Click on a URL to view a detailed
report.
report.
–
Action taken (allow, block, or unknown) when a rewritten URL was clicked.
If the verdict of a URL (clean or malicious) was unknown at the time when the end user clicked
it, the status is shown as unknown. This could be because the URL was under further scrutiny
or the web server was down or not reachable at the time of the user click.
it, the status is shown as unknown. This could be because the URL was under further scrutiny
or the web server was down or not reachable at the time of the user click.
–
The number of times end users clicked on a rewritten URL. Click a number to view a list of all
messages that contain the clicked URL.
messages that contain the clicked URL.
•
Note the following:
–
If you have configured a content or message filter to deliver messages after rewriting malicious
URLs and notify another user (for example, an administrator), the web interaction tracking data
for the original recipient is incremented if the notified user clicks on the rewritten URLs.
URLs and notify another user (for example, an administrator), the web interaction tracking data
for the original recipient is incremented if the notified user clicks on the rewritten URLs.
–
If you are sending a copy of quarantined messages containing rewritten URLs to a user other
than the original recipient (for example, to an administrator) using the web interface, the web
interaction tracking data for the original recipient is incremented if the other user clicks on the
rewritten URLs.
than the original recipient (for example, to an administrator) using the web interface, the web
interaction tracking data for the original recipient is incremented if the other user clicks on the
rewritten URLs.
Advanced Malware Protection (File Reputation and File Analysis) Reporting
Pages
Pages
•
•