Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
5-27
AsyncOS 9.1 for Cisco Content Security Management Appliances User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
Adjusting Web Reputation Settings
Based on your report results, you may want to adjust the configured web reputation settings, for example
adjust the threshold scores or enable or disable Adaptive Scanning. For specific information about
configuring web reputation settings, see the online help or user guide for your Web Security appliance.
adjust the threshold scores or enable or disable Adaptive Scanning. For specific information about
configuring web reputation settings, see the online help or user guide for your Web Security appliance.
L4 Traffic Monitor Report
The Web > Reporting> L4 Traffic Monitor page displays information about malware ports and
malware sites that the L4 Traffic Monitors on your Web Security appliances have detected during the
specified time range. It also displays IP addresses of clients that frequently encounter malware sites.
malware sites that the L4 Traffic Monitors on your Web Security appliances have detected during the
specified time range. It also displays IP addresses of clients that frequently encounter malware sites.
The L4 Traffic Monitor listens to network traffic that comes in over all ports on each Web Security
appliance and matches domain names and IP addresses against entries in its own database tables to
determine whether to allow incoming and outgoing traffic.
appliance and matches domain names and IP addresses against entries in its own database tables to
determine whether to allow incoming and outgoing traffic.
You can use data in this report to determine whether to block a port or a site, or to investigate why a
particular client IP address is connecting unusually frequently to a malware site (for example, this could
be because the computer associated with that IP address is infected with malware that is trying to connect
to a central command and control server.)
particular client IP address is connecting unusually frequently to a malware site (for example, this could
be because the computer associated with that IP address is infected with malware that is trying to connect
to a central command and control server.)
Tip
To customize your view of this report, see
Table 5-11
L4 Traffic Monitor Report Page Components
Section
Description
Time Range (drop-down list)
A menu that allows you to choose a time range on which to report.
For more information, see
For more information, see
.
Top Client IPs
This section displays, in graph format, the IP addresses of
computers in your organization that most frequently connect to
malware sites.
computers in your organization that most frequently connect to
malware sites.
Click the Chart Options link below the chart to change the display
from total Malware Connections Detected to Malware
Connections Monitored or Malware Connections Blocked.
from total Malware Connections Detected to Malware
Connections Monitored or Malware Connections Blocked.
This chart is the same as the “L4 Traffic Monitor: Malware
Connections Detected” chart on the
Connections Detected” chart on the
.
Top Malware Sites
This section displays, in graph format, the top malware domains
detected by the L4 Traffic Monitor.
detected by the L4 Traffic Monitor.
Click the Chart Options link below the chart to change the display
from total Malware Connections Detected to Malware
Connections Monitored or Malware Connections Blocked.
from total Malware Connections Detected to Malware
Connections Monitored or Malware Connections Blocked.