Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
4-28
AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
–
Date and time at which the URL was clicked.
–
Whether the URL was rewritten by a policy or an outbreak filter.
–
Action taken (allow, block, or unknown) when the rewritten URL was clicked. Note that, if a
URL was rewritten by outbreak filter and the final verdict is unavailable, the status is shown as
unknown.
URL was rewritten by outbreak filter and the final verdict is unavailable, the status is shown as
unknown.
Top End Users who clicked on Rewritten Malicious URLs
Web Interaction Tracking Details. Includes the following information:
–
A list of all the rewritten URLs (malicious and unmalicious). Click on a URL to view a detailed
report.
report.
–
Action taken (allow, block, or unknown) when a rewritten URL was clicked.
If the verdict of a URL (clean or malicious) was unknown at the time when the end user clicked
it, the status is shown as unknown. This could be because the URL was under further scrutiny
or the web server was down or not reachable at the time of the user click.
it, the status is shown as unknown. This could be because the URL was under further scrutiny
or the web server was down or not reachable at the time of the user click.
–
The number of times end users clicked on a rewritten URL. Click a number to view a list of all
messages that contain the clicked URL.
messages that contain the clicked URL.
•
Note the following:
–
If you have configured a content or message filter to deliver messages after rewriting malicious
URLs and notify another user (for example, an administrator), the web interaction tracking data
for the original recipient is incremented if the notified user clicks on the rewritten URLs.
URLs and notify another user (for example, an administrator), the web interaction tracking data
for the original recipient is incremented if the notified user clicks on the rewritten URLs.
–
If you are sending a copy of quarantined messages containing rewritten URLs to a user other
than the original recipient (for example, to an administrator) using the web interface, the web
interaction tracking data for the original recipient is incremented if the other user clicks on the
rewritten URLs.
than the original recipient (for example, to an administrator) using the web interface, the web
interaction tracking data for the original recipient is incremented if the other user clicks on the
rewritten URLs.
Advanced Malware Protection (File Reputation and File Analysis) Reporting
Pages
Pages
•
•
•
•
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
In order to obtain File Analysis report details, the appliance must be able to connect to the File Analysis
server over port 443. See details in
server over port 443. See details in
If your Cisco Content Security Management appliance does not have a direct connection to the internet,
configure a proxy server for this traffic (See
configure a proxy server for this traffic (See
already configured the appliance to use a proxy to obtain upgrades and service updates, the existing
settings are used.
settings are used.