Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
5-27
AsyncOS 9.5.2 for Cisco Content Security Management Appliances User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
Tip
To customize your view of this report, see
Web Reputation Filters Report
The Web > Reporting > Web Reputation Filters allows you to view the results of your set Web
Reputation filters for transactions during a specified time range.
Reputation filters for transactions during a specified time range.
What are Web Reputation Filters?
Web Reputation Filters analyze web server behavior and assign a reputation score to a URL to determine
the likelihood that it contains URL-based malware. It helps protect against URL-based malware that
threatens end-user privacy and sensitive corporate information. The Web Security appliance uses URL
reputation scores to identify suspicious activity and stop malware attacks before they occur. You can use
Web Reputation Filters with both Access and Decryption Policies.
the likelihood that it contains URL-based malware. It helps protect against URL-based malware that
threatens end-user privacy and sensitive corporate information. The Web Security appliance uses URL
reputation scores to identify suspicious activity and stop malware attacks before they occur. You can use
Web Reputation Filters with both Access and Decryption Policies.
Web Reputation Filters use statistical data to assess the reliability of Internet domains and score the
reputation of URLs. Data such as how long a specific domain has been registered, or where a web site
is hosted, or whether a web server is using a dynamic IP address is used to judge the trustworthiness of
a given URL.
reputation of URLs. Data such as how long a specific domain has been registered, or where a web site
is hosted, or whether a web server is using a dynamic IP address is used to judge the trustworthiness of
a given URL.
The web reputation calculation associates a URL with network parameters to determine the probability
that malware exists. The aggregate probability that malware exists is then mapped to a Web Reputation
Score between -10 and +10, with +10 being the least likely to contain malware.
that malware exists. The aggregate probability that malware exists is then mapped to a Web Reputation
Score between -10 and +10, with +10 being the least likely to contain malware.
Example parameters include the following:
•
URL categorization data
•
Presence of downloadable code
Web Proxy: Client Malware Risk
The Web Proxy: Client Malware Risk table shows detailed
information about particular clients that are displayed in the Web
Proxy: Top Clients by Malware Risk section.
information about particular clients that are displayed in the Web
Proxy: Top Clients by Malware Risk section.
You can click each user in this table to view the User Details page
associated with that client. For information about that page, see
the
associated with that client. For information about that page, see
the
.
Clicking on any of the links in the table allows you to view more
granular details about individual users and what activity they are
performing that is triggering the malware risk. For example,
clicking on the link in the “User ID / Client IP Address” column
takes you to a User page for that user.
granular details about individual users and what activity they are
performing that is triggering the malware risk. For example,
clicking on the link in the “User ID / Client IP Address” column
takes you to a User page for that user.
L4 Traffic Monitor: Clients by Malware
Risk
Risk
This table displays IP addresses of computers in your
organization that frequently connect to malware sites.
organization that frequently connect to malware sites.
This table is the same as the “Client Source IPs” table on the
. For information about
working with this table, see that section.
Table 5-9
Client Malware Risk Report Page Components (continued)
Section
Description