Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
4-33
AsyncOS 8.3.5 for Cisco Content Security Management User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
The Threat Details listing displays information about specific outbreaks, including the threat category
(virus, scam, or phishing), threat name, a description of the threat, and the number of messages
identified. For virus outbreaks, the Past Year Virus Outbreaks include the Outbreak name and ID, time
and date a virus outbreak was first seen globally, the protection time provided by Outbreak filters, and
the number of quarantined messages. You can choose whether to view global or local outbreaks.
(virus, scam, or phishing), threat name, a description of the threat, and the number of messages
identified. For virus outbreaks, the Past Year Virus Outbreaks include the Outbreak name and ID, time
and date a virus outbreak was first seen globally, the protection time provided by Outbreak filters, and
the number of quarantined messages. You can choose whether to view global or local outbreaks.
The First Seen Globally time is determined by the Threat Operations Center, based on data from the
SenderBase, the world’s largest email and web traffic monitoring network. The Protection Time is based
on the difference between when each threat was detected by the Threat Operations Center and the release
of an anti-virus signature by a major vendor.
SenderBase, the world’s largest email and web traffic monitoring network. The Protection Time is based
on the difference between when each threat was detected by the Threat Operations Center and the release
of an anti-virus signature by a major vendor.
A value of “--” indicates either a protection time does not exist, or the signature times were not available
from the anti-virus vendors (some vendors may not report signature times). This does not indicate a
protection time of zero. Rather, it means that the information required to calculate the protection time is
not available.
from the anti-virus vendors (some vendors may not report signature times). This does not indicate a
protection time of zero. Rather, it means that the information required to calculate the protection time is
not available.
Other modules on this page provide:
•
The number of incoming messages processed by Outbreak Filters in the selected time period.
Non-viral threats include phishing emails, scams, and malware distribution using links to an external
website.
website.
•
Severity of threats caught by Outbreak Filters.
Level 5 threats are severe in scope or impact, while Level 1 represents low threat risk. For
descriptions of threat levels, see the online help or user guide for your Email Security appliance.
descriptions of threat levels, see the online help or user guide for your Email Security appliance.
•
Length of time messages spent in the Outbreak Quarantine.
This duration is determined by the time it takes the system to compile enough data about the
potential threat to make a verdict on its safety. Messages with viral threats typically spend more time
in the quarantine than those with non-viral threats, because they must wait for anti-virus program
updates. The maximum retention time that you specify for each mail policy is also reflected.
potential threat to make a verdict on its safety. Messages with viral threats typically spend more time
in the quarantine than those with non-viral threats, because they must wait for anti-virus program
updates. The maximum retention time that you specify for each mail policy is also reflected.
•
The URLs most frequently rewritten to redirect message recipients to the Cisco Web Security Proxy
for click-time evaluation of the site if and when the recipient clicks a potentially malicious link in a
message.
for click-time evaluation of the site if and when the recipient clicks a potentially malicious link in a
message.
This list may include URLs that are not malicious, because if any URL in a message is deemed
malicious, then all URLs in the message are rewritten.
malicious, then all URLs in the message are rewritten.
Note
In order to correctly populate the tables on the Outbreak Filters reporting page, the appliance must be
able to communicate with the Cisco update servers specified in Management Appliance > System
Administration > Update Settings.
able to communicate with the Cisco update servers specified in Management Appliance > System
Administration > Update Settings.
For more information, see the Outbreak Filters chapter in the online help or user guide for your Email
Security appliance.
Security appliance.
System Capacity Page
The Email > Reporting > System Capacity page provides a detailed representation of the system load,
including messages in the work queue, incoming and outgoing messages (volume, size, and number),
overall CPU usage, CPU usage by function, and memory page swapping information.
including messages in the work queue, incoming and outgoing messages (volume, size, and number),
overall CPU usage, CPU usage by function, and memory page swapping information.
The System Capacity page can be used to determine the following information: