User Guide for Cisco Content Security Management Appliance M160

AsyncOS 9.5.2 for Cisco Content Security Management Appliances User Guide
 
Chapter 4      Using Centralized Email Security Reporting
  Understanding the Email Reporting Pages
Viewing File Reputation Filtering Data in Other Reports 
Data for file reputation and analysis is available in other reports where relevant. A Detected by Advanced 
Malware Protection column may be hidden by default in applicable reports. To display additional 
columns, click the Columns link at the bottom of the table. 
For Which Files Are Detailed File Analysis Results Visible in the Cloud? 
If you have deployed public-cloud File Analysis, you can view detailed results for all files uploaded from 
any managed appliance that has been added to the appliance group for File Analysis. 
If you have added your management appliance to the group, you can view the list of managed appliances 
in the group by clicking the button on the Management Appliance > Centralized Services > Security Appliances page. 
Appliances in the analysis group are identified by the File Analysis Client ID. To determine this 
identifier for a particular appliance, look in the following location: 
Report Description

File Analysis
Displays the time and verdict (or interim verdict) for each file sent for analysis. The appliance checks for analysis results every 30 minutes.
To view more than 1000 File Analysis results, export the data as a .csv file.
For deployments with an on-premises Cisco AMP Threat Grid Appliance: Files that are whitelisted on the AMP Threat Grid appliance show as "clean." For information about whitelisting, see the AMP Threat Grid documentation or online help.
Drill down to view detailed analysis results, including the threat characteristics for each file.
You can also search for additional information about an SHA, or click the link at the bottom of the file analysis details page to view additional details on the server that analyzed the file.
To view details on the server that analyzed a file, see
If a file extracted from a compressed or archived file is sent for analysis, only the SHA value of the extracted file is included in the File Analysis report.

AMP Verdict Updates
Because Advanced Malware Protection is focused on targeted and zero-day threats, threat verdicts can change as aggregated data provides more information.
The AMP Verdict Updates report lists the files processed by this appliance for which the verdict has changed since the message was received. For more information about this situation, see the documentation for your Email Security appliance.
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report shows only the latest verdict, not the verdict history.
To view all affected messages for a particular SHA-256 within the maximum available time range (regardless of the time range selected for the report) click a SHA-256 link.