Outbreak Filtering Page

The Outbreak Filtering report page shows information about recent outbreaks and messages quarantined due to Outbreak Filters. You can use this page to monitor your defense against targeted virus, scam, and phishing attacks.

Use the Outbreak Filtering report page to answer the following types of questions:

  • How many messages are quarantined and by which Outbreak Filters rule?

  • How long do messages stay in the Outbreak Quarantine?

  • Which potentially malicious URLs are most frequently seen?

To view the Outbreak Filtering report page on the Security Management appliance, select Email from the Product drop-down and choose Monitoring > Outbreak Filtering from the Reports drop-down. For more information, see Using the Interactive Report Pages.

The following table explains the various sections on the Outbreak Filtering report page:

Details on the Outbreak Filtering Page

Section / Description

Time Range (drop-down list)

A drop-down list with options for choosing a time range to view. For more information, see Choosing a Time Range for Reports.

View Data For (drop-down list)

Choose an Email Security appliance for which you want to view the data, or choose All Email Appliances.

See also Viewing Reporting Data for an Appliance or Reporting Group.

Threats By Type

The Threats by Type section shows the different types of threat messages received by the appliance.

Threat Summary

The Threat Summary section shows a breakdown of the messages by Malware, Phish, Scam and Virus.

To view Message Tracking details for the messages that populate this report, click a blue number link in the table.

Threat Details

The Threat Details interactive table shows details about specific outbreaks, including the threat category (virus, scam, or phishing), threat name, a description of the threat, and the number of messages identified.

To view Message Tracking details for the messages that populate this report, click a blue number link in the table.

Hit Messages from Incoming Messages

The Hit Messages from Incoming Messages section shows the chart and summary of the number of incoming messages processed by Outbreak Filters in the selected time period.

Non-viral threats include phishing emails, scams, and malware distribution using links to an external website.

Hit Messages by Threat Level

The Hit Messages by Threat Level section shows the chart and summary of the severity of threats caught by Outbreak Filters.

Level 5 threats are severe in scope or impact, while Level 1 represents low threat risk. For descriptions of threat levels, see the online help or user guide for your Email Security appliance.

Messages resided in Outbreak Quarantine

The Messages resided in Outbreak Quarantine section shows the length of time messages spent in the Outbreak Quarantine.

This duration is determined by the time it takes the system to compile enough data about the potential threat to make a verdict on its safety. Messages with viral threats typically spend more time in the quarantine than those with non-viral threats, because they must wait for anti-virus program updates. The maximum retention time that you specify for each mail policy is also reflected.

Top URL’s Rewritten

The Top URL’s Rewritten section shows the URLs that are most frequently rewritten. A rewritten URL redirects the message recipient to the Cisco Web Security Proxy, which evaluates the site at click time, if and when the recipient clicks a potentially malicious link in a message.

This list may include URLs that are not malicious, because if any URL in a message is deemed malicious, then all URLs in the message are rewritten.

To view Message Tracking details for the messages that populate this report, click a blue number link in the table.

Note: In order to correctly populate the tables on the Outbreak Filtering report page, the appliance must be able to communicate with the Cisco update servers.

For more information, see the Outbreak Filters chapter in the online help or user guide for your Email Security appliance.