Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
6-7
AsyncOS 9.5.2 for Cisco Content Security Management Appliances User Guide
Chapter 6 Tracking Email Messages
Searching for Email Messages
Narrowing the Result Set
After you run a query, you might find that the result set includes more information than you need. Instead
of creating a new query, narrow the result set by clicking a value within a row in the list of results.
Clicking a value adds the parameter value as a condition in the search. For example, if the query results
include messages from multiple dates, click a particular date within a row to show only messages that
were received on that date.
of creating a new query, narrow the result set by clicking a value within a row in the list of results.
Clicking a value adds the parameter value as a condition in the search. For example, if the query results
include messages from multiple dates, click a particular date within a row to show only messages that
were received on that date.
Procedure
Step 1
Float the cursor over the value that you want to add as a condition. The value is highlighted in yellow.
Use the following parameter values to refine the search:
•
Date and time
•
Message ID (MID)
•
Host (the Email Security appliance)
•
Sender
•
Recipient
•
The subject line of the message, or starting words of the subject
Step 2
Click the value to refine the search.
The Results section displays the messages that match the original query parameters and the new
condition that you added.
condition that you added.
Step 3
If necessary, click additional values in the results to further refine the search.
Note
To remove query conditions, click Clear and run a new tracking query.
About Message Tracking and Advanced Malware Protection Features
When searching for file threat information in Message Tracking, keep the following points in mind:
•
To search for malicious files found by the file reputation service, select Advanced Malware
Protection Positive for the Message Event option in the Advanced section in Message Tracking.
Protection Positive for the Message Event option in the Advanced section in Message Tracking.
•
Message Tracking includes only information about file reputation processing and the original file
reputation verdicts returned at the time a message was processed. For example, if a file was initially
found to be clean, then a verdict update found the file to be malicious, only the clean verdict appears
in Tracking results.
reputation verdicts returned at the time a message was processed. For example, if a file was initially
found to be clean, then a verdict update found the file to be malicious, only the clean verdict appears
in Tracking results.
In Message Tracking details, the Processing Details section shows:
–
The SHA-256 of each attachment in the message, and
–
The final Advanced Malware Protection verdict for the message as a whole, and
–
Any attachments which were found to contain malware.
No information is provided for clean or unscannable attachments.