Understanding the Email Reporting Pages on the New Web Interface

Note

This list represents the reports available in the latest supported release of AsyncOS for Email Security appliances under the Reports drop-down of the web interface. For more information, see Using the Interactive Report Pages. If your Email Security appliances are running earlier releases of AsyncOS, not all of these reports are available.

Email Reports Drop-down Options
Reports Drop-down Option	Action
Mail Flow Summary Page	The Mail Flow Summary report page provides a synopsis of the activity on your Email Security appliances. It includes graphs and summary tables for the incoming and outgoing messages. For more information, see the Mail Flow Summary Page.
System Capacity Page	The System Capacity report page shows detailed information about the overall workload of the reporting data, sent to the Security Management appliance. For more information, see the System Capacity Page.
File and Malware Reports
Advanced Malware Protection Page (File Reputation and File Analysis)	The Advanced Malware Protection report page shows reporting views that displays details of Summary, File Reputation, File Analysis, File Retrospection and Mailbox Auto Remediation, for incoming and outgoing file-based threats. For more information, see the Advanced Malware Protection Page.
Virus Filtering Page	The Virus Filtering report page provides an overview of the viruses that are sent to and from your network. This page displays the viruses that have been detected by the virus scanning engines running on the Email Security appliances and are displayed on the Security Management appliance. Use this report to take action against a particular virus. For more information, see the Virus Filtering Page.
Macro Detection Page	The Macro Detection report page shows the top incoming and outgoing macro-enabled attachments by file type detected by the content filter and message filters. For more information, see the Macro Detection Page.
Email Threat Reports
DMARC Verification Page	The DMARC Verification report page shows the top sender domains that failed Domain-based Message Authentication, Reporting and Conformance (DMARC) verification, and a summary of the actions taken for incoming messages from each domain. For more information, see the DMARC Verification Page.
Outbreak Filtering Page	The Outbreak Filters page shows information about recent outbreaks and the messages quarantined by Outbreak Filters. Use this page to monitor your defense against phishing, scam, virus and malware attacks. For more information, see the Outbreak Filtering Page.
URL Filtering Page	Use this page to view the URL categories most frequently occurring in messages, the most common URLs in spam messages, and the number of malicious and neutral URLs seen in messages. For more information, see the URL Filtering Page.
URL Retrospection Report Page	The URL Retrospection Report page shows URLs processed by the URL Retrospective Service. This page lists the malicious URLs, date and time when verdict is received from the URL Retrospective Service, and the remediation status of impacted messages. For more information, see URL Retrospection Report page.
Forged Email Detection Page	The Forged Email Detection report page includes the following reports: Top Forged Email Detection. Displays the top ten users in the content dictionary that matched the forged From: header in the incoming messages. Forged Email Detection: Details. Displays a list of all the users in the content dictionary that matched the forged From: header in the incoming messages and for a given user, the number of messages matched. For more information, see the Forged Email Detection Page.
Sender Domain Reputation Page	You can use this report page to view incoming messages based on the verdict received and threat category from the SDR service For more information, see the Sender Domain Reputation Page.
External Threat Feeds Page	The External Threat Feeds page shows the following reports: Top ETF sources that is used to detect threats in messages. Top IOCs that matched threats detected in messages. Top ETF sources that is used to filter malicious incoming mail connections For more information, see the External Threat Feeds Page.
Safe Print	You can use the Safe Print report page to view: Number of safe-printed attachments based on the file type in graphical format. Summary of safe-printed attachments based on the file type in tabular format. For more information, see the Safe Print Page.
Advanced Phishing Protection Page	You can use the Advanced Phishing Protection report page to view: Total number of messages successfully forwarded to the Cisco Advanced Phishing Protection cloud service. Total number of messages that are not forwarded to the Cisco Advanced Phishing Protection cloud service. For more information, see the Advanced Phishing Protection Reports Page.
Connection and Flow Reports
Mail Flow Details Page	The Mail Flow Details report page provides interactive reporting on the real-time information for all remote hosts connecting to your managed Email Security appliances. You can gather information about the IP addresses, domains, and network owners (organizations) sending mail to your system. For more information, see the Mail Flow Details Page.
Sender Groups Page	The Sender Groups report page provides a summary of connections by sender group and mail flow policy action, allowing you to review SMTP connection and mail flow policy trends. For more information, see the Sender Groups Page.
Outgoing Destinations Page	The Outgoing Destinations report page provides information about the domains that your organization sends mail to. The top of the page includes graphs depicting the top destinations by outgoing threat messages and top destinations by outgoing clean messages. The bottom of the page displays a chart with columns sorted by total recipients (default setting). For more information, see the Outgoing Destinations Page.
TLS Encryption Page	The TLS Encryption report page shows the overall usage of TLS connections for sent and received mail. The report also shows details for each domain sending mail using TLS connections. For more information, see the TLS Encryption Page.
Inbound SMTP Authentication Page	The Inbound SMTP authentication report page shows the use of client certificates and the SMTP AUTH command to authenticate SMTP sessions between the Email Security appliance and users’ mail clients. For more information, see the Inbound SMTP Authentication Page.
Rate Limits Page	The Rate Limits report page shows the mail senders (based on MAIL-FROM address) who exceed the threshold you set for the number of message recipients per sender. For more information, see the Rate Limits Page.
Connections by Country Page	The Connections by Country report page shows the: Top incoming mail connections based on country of origin in graphical format. Total incoming mail connections and messages based on country of origin in tabular format. For more information, see the Connections by Country Page.
Domain Protection Page	You can use the Domain Protection report page of the new web interface of your appliance to view: Summary of messages that are classified as legitimate or threat, in a graphical format. Summary of the destination domains details based on the senders, in a tabular format. For more information, see the Domain Protection Page.
User Reports
User Mail Summary Page	The User Mail Summary report provides information about the mail sent and received by your internal users per email address. A single user can have multiple email addresses. The email addresses are not combined in the report. For more information, see the User Mail Summary.
DLP Incident Summary Page	The DLP Incident Summary report page shows information on the incidents of data loss prevention (DLP) policy violations occurring in outgoing mail. For more information, see the DLP Incident Summary Page.
Web Interaction Page	The Web Interaction report page identifies the end users who clicked URLs rewritten by policy or Outbreak Filter, and the action associated with each user click. For more information, see the Web Interaction Page.
Remediation Reports Page	You can now monitor the remediation results for Mailbox Auto Remediation and Mailbox Search and Remediate using the Remediation Report. This report provides a summary of: Total number of messages attempted for remediation using Mailbox Auto Remediation and Mailbox Search and Remediate. Number of messages successfully remediated for a configured remedial action. Number of messages for which the remediation failed. Click the Mailbox Auto Remediation and Mailbox Search and Remediate tabs in the report to view details about the messages for which the remediation was attempted. For more information, see the Remediation Reports Page
Filter Reports
Message Filters Page	The Message Filters report page shows information about the top message filter matches (which message filters had the largest number of matching messages) for incoming and outgoing messages. For more information, see the Message Filters Page.
High Volume Mail Page	The High Volume Mail report page identifies attacks involving a large number of messages from a single sender, or with identical subjects, within a moving one-hour period. For more information, see the High Volume Mail Page.
Content Filters Page	The Content Filters report page shows information about the top incoming and outgoing content filter matches (which content filter had the most matching messages). This page also displays the data as both bar charts and listings. For more information, see the Content Filters Page.