Руководство Пользователя для Cisco Cisco Content Security Management Appliance M160
4-28
AsyncOS 10.0 for Cisco Content Security Management Appliances User Guide
Chapter 4 Using Centralized Email Security Reporting
Understanding the Email Reporting Pages
–
A list of end users who clicked on the rewritten malicious URL.
–
Date and time at which the URL was clicked.
–
Whether the URL was rewritten by a policy or an outbreak filter.
–
Action taken (allow, block, or unknown) when the rewritten URL was clicked. Note that, if a
URL was rewritten by outbreak filter and the final verdict is unavailable, the status is shown as
unknown.
URL was rewritten by outbreak filter and the final verdict is unavailable, the status is shown as
unknown.
Note
For Beta, due to a limitation, status of all outbreak rewritten URLs are shown as
unknown.
unknown.
Top End Users who clicked on Rewritten Malicious URLs
Web Interaction Tracking Details. Includes the following information:
–
A list of all the rewritten URLs (malicious and unmalicious). Click on a URL to view a detailed
report.
report.
–
Action taken (allow, block, or unknown) when a rewritten URL was clicked.
If the verdict of a URL (clean or malicious) was unknown at the time when the end user clicked
it, the status is shown as unknown. This could be because the URL was under further scrutiny
or the web server was down or not reachable at the time of the user click.
it, the status is shown as unknown. This could be because the URL was under further scrutiny
or the web server was down or not reachable at the time of the user click.
–
The number of times end users clicked on a rewritten URL. Click a number to view a list of all
messages that contain the clicked URL.
messages that contain the clicked URL.
•
Note the following:
–
If you have configured a content or message filter to deliver messages after rewriting malicious
URLs and notify another user (for example, an administrator), the web interaction tracking data
for the original recipient is incremented if the notified user clicks on the rewritten URLs.
URLs and notify another user (for example, an administrator), the web interaction tracking data
for the original recipient is incremented if the notified user clicks on the rewritten URLs.
–
If you are sending a copy of quarantined messages containing rewritten URLs to a user other
than the original recipient (for example, to an administrator) using the web interface, the web
interaction tracking data for the original recipient is incremented if the other user clicks on the
rewritten URLs.
than the original recipient (for example, to an administrator) using the web interface, the web
interaction tracking data for the original recipient is incremented if the other user clicks on the
rewritten URLs.
Forged Email Detection Page
•
The Forged Email Detection page includes the following reports:
–
Top Forged Email Detection. Displays the top ten users in the content dictionary that matched
the forged From: header in the incoming messages.
the forged From: header in the incoming messages.
–
Forged Email Detection: Details. Displays a list of all the users in the content dictionary that
matched the forged From: header in the incoming messages and for a given user, the number of
messages matched.
matched the forged From: header in the incoming messages and for a given user, the number of
messages matched.
•
The Forged Email Detection reports are populated only if you are using the Forged Email Detection
content filter or the
content filter or the
forged-email-detection
message filter.