Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
5-22
AsyncOS 8.3.5 for Cisco Content Security Management User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
If your Security Management appliance does not have a direct connection to the internet, configure a
proxy server for this traffic (See
proxy server for this traffic (See
.) If you have already
configured the appliance to use a proxy to obtain upgrades and service updates, the existing settings are
used.
used.
If you use an HTTPS proxy, the proxy must not decrypt the traffic; use a pass-through mechanism for
communications with the File Analysis server. . The proxy server must trust the certificate from the Fire
Analysis server, but need not provide its own certificate to the File Analysis server.
communications with the File Analysis server. . The proxy server must trust the certificate from the Fire
Analysis server, but need not provide its own certificate to the File Analysis server.
For any additional requirements, see the Release Notes for your Security Management appliance release,
available from
available from
Identifying Files by SHA-256 Hash
Because filenames can easily be changed, the appliance generates an identifier for each file using a
Secure Hash Algorithm (SHA-256). If an appliance processes the same file with different names, all
instances are recognized as the same SHA-256. If multiple appliances process the same file, all instances
of the file have the same SHA-256 identifier.
Secure Hash Algorithm (SHA-256). If an appliance processes the same file with different names, all
instances are recognized as the same SHA-256. If multiple appliances process the same file, all instances
of the file have the same SHA-256 identifier.
In most reports, files are listed by their SHA-256 value (in an abbreviated format). To identify the
filenames associated with a malware instance in your organization, select Reporting > Advanced
Malware Protection and click an SHA-256 link in the table. The details page shows associated filenames.
filenames associated with a malware instance in your organization, select Reporting > Advanced
Malware Protection and click an SHA-256 link in the table. The details page shows associated filenames.
Advanced Malware Protection (File Reputation and File Analysis) Report Pages
Report Description
Advanced Malware
Protection
Protection
Shows file-based threats that were identified by the file reputation service.
To see the users who tried to access each SHA, and the filenames associated
with that SHA-256, click a SHA-256 in the table.
with that SHA-256, click a SHA-256 in the table.
Clicking the link at the bottom of Malware Threat File Details report page
displays all instances of the file in Web Tracking that were encountered
within the maximum available time range, regardless of the time range
selected for the report.
displays all instances of the file in Web Tracking that were encountered
within the maximum available time range, regardless of the time range
selected for the report.
For files with changed verdicts, see the AMP Verdict updates report. Those
verdicts are not reflected in the Advanced Malware Protection report.
verdicts are not reflected in the Advanced Malware Protection report.