User Guide for Cisco Content Security Management Appliance M160

AsyncOS 9.1 for Cisco Content Security Management Appliances User Guide
 
Chapter 5: Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
Advanced Malware Protection (File Reputation and File Analysis) Report Pages 
Report: Advanced Malware Protection
Description:
Shows file-based threats that were identified by the file reputation service.
To see the users who tried to access each SHA, and the filenames associated with that SHA-256, click a SHA-256 in the table.
Clicking the link at the bottom of the Malware Threat File Details report page displays all instances of the file in Web Tracking that were encountered within the maximum available time range, regardless of the time range selected for the report.
For files with changed verdicts, see the AMP Verdict updates report. Those verdicts are not reflected in the Advanced Malware Protection report.
If a file extracted from a compressed or archived file is malicious, only the SHA value of the compressed or archived file is included in the Advanced Malware Protection report.

Report: File Analysis
Description:
Displays the time and verdict (or interim verdict) for each file sent for analysis.
To view more than 1000 File Analysis results, export the data as a .csv file.
Drill down to view detailed analysis results, including the threat characteristics and score for each file.
You can also search the cloud service for additional information about an SHA. The link is on the result details page.
See also
If a file extracted from a compressed or archived file is sent for analysis, only the SHA value of the extracted file is included in the File Analysis report.

Report: AMP Verdict Updates
Description:
Lists the files processed by this appliance for which the verdict has changed since the transaction was processed. For more information about this situation, see the documentation for your Web Security appliance.
To view more than 1000 verdict updates, export the data as a .csv file.
In the case of multiple verdict changes for a single SHA-256, this report shows only the latest verdict, not the verdict history.
If multiple Web Security appliances have different verdict updates for the same file, the result with the latest time stamp is displayed.
Clicking an SHA-256 link displays web tracking results for all transactions that included this SHA-256 within the maximum available time range, regardless of the time range selected for the report.
To view all affected transactions for a particular SHA-256 within the maximum available time range (regardless of the time range selected for the report), click the link at the bottom of the Malware Threat Files page.
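
The latest-time-stamp rule described above for AMP Verdict Updates, as an added example (not Cisco code): it merges .csv exports saved at different times so the verdict history that the report omits is retained, then picks the latest verdict per SHA-256. The column names `sha256`, `timestamp`, `appliance` and `verdict`, the ISO 8601 time format, the verdict strings and the sample rows are assumptions for this sketch; match them to the header of your actual export.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

SHA_A, SHA_B = "a" * 64, "b" * 64  # constructed placeholder digests

# Constructed exports saved on two different days (assumed column layout).
EXPORT_1 = f"""sha256,timestamp,appliance,verdict
{SHA_A},2015-06-01T10:00:00,wsa1,Malicious
{SHA_B},2015-06-01T11:30:00,wsa1,Clean
"""
EXPORT_2 = f"""sha256,timestamp,appliance,verdict
{SHA_A},2015-06-03T09:15:00,wsa2,Clean
{SHA_B},2015-06-01T11:30:00,wsa1,Clean
{SHA_B},2015-06-04T08:00:00,wsa2,Malicious
"""


def merge_history(*exports):
    """Union the rows of several exports into a per-SHA, time-ordered history."""
    seen = defaultdict(set)  # a set drops rows repeated across exports
    for text in exports:
        for row in csv.DictReader(io.StringIO(text)):
            ts = datetime.fromisoformat(row["timestamp"].strip())
            seen[row["sha256"].strip().lower()].add(
                (ts, row["appliance"].strip(), row["verdict"].strip()))
    return {sha: sorted(rows) for sha, rows in seen.items()}


def latest_verdicts(history):
    """Apply the report's rule: the row with the latest time stamp wins."""
    return {sha: rows[-1][2] for sha, rows in history.items()}


def turned_malicious(history, bad="Malicious"):
    """SHAs whose latest verdict is `bad` after an earlier, different verdict."""
    return sorted(sha for sha, rows in history.items()
                  if rows[-1][2] == bad and any(v != bad for _, _, v in rows[:-1]))


if __name__ == "__main__":
    hist = merge_history(EXPORT_1, EXPORT_2)
    for sha, verdict in latest_verdicts(hist).items():
        print(sha[:12], verdict, f"({len(hist[sha])} recorded verdicts)")
    print("review transactions for:", [s[:12] for s in turned_malicious(hist)])
```

SHA-256 values returned by `turned_malicious` are the ones to look up in Web Tracking for affected transactions.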