
Cisco ESA Summary Report

cammy.busto
Level 1

Hi,

 

Can anyone tell me why the MESSAGES WITH MALICIOUS URL COUNT was not included in the TOTAL MESSAGES PROCESSED? I'm looking for the document to explain this but can't find the answer. So, from the client's perspective, it looks like there's a discrepancy with the report.

 

Please share your thoughts on this :)

 

 

Outgoing Mail Summary

Message Processing               %         Messages
Spam Detected                    0.0%      1
Virus Detected                   0.0%      0
Messages with Malicious URLs     0.0%      4
Stopped by Content Filter        0.0%      0
Clean Messages                   100.0%    55,037

Total Messages Processed: 55,038


Mathew Huynh
Cisco Employee

Hey Cammy.busto,

 

I have been trying to replicate this in my lab environment to get a definitive response for you, but it just wasn't my day so far.


I am 99% certain that this may be counting emails where a malicious URL was found but it was not dropped so it's within the 55,038 value.

 

Whereas the '1' spam is also within this value, but as it was detected as spam, it was not considered a 'clean' message.

 

Regards,

Matthew

Hi Matthew,

 

Thanks for your response. I mean if my ESA appliance processed the outgoing messages with the below counts:

 

Spam:                                1

Malicious URL:                    4

Clean Messages:                55,037

---------------------------------

Total Messages Processed: 55,038

 

The Malicious URLs were not counted in the Total Messages Processed. Is it because my policy is to DROP the malicious URL?

 

The Spam email will be quarantined (still processed but it will quarantine to Spam Quarantine).

Hey Cammy.busto,

 

I suspect the '4' in the Malicious URLs is not to be added on top but to be included within the total.

Spam detected as '1' was deducted from the total to make the clean messages.

The clean messages number, from the user guide on interpreting the report, is emails which are spam and virus free.

 

Regards,

Matthew

We just noticed that the "Messages with Malicious URLs" is not being included in the Total Threat Messages count. At least as far as we can tell. When we add up all the categories for "Total Threat Messages" they equal the total the report shows, except the "Messages with Malicious URLs" number. We went back a year and it's the same in every report.

Is this number actually included in another category and just reported separately? If so, what category in the Threat Messages is it included in?

If not, why is the number ignored yet collected?   

Hey Jeff,

I realised I haven't followed up on this thread in a bit and with your email I went forward to review the device again with some tests.
At the moment the counters are ignored despite incrementally increasing based on URL filtering matches against it.

In the current setup, it's currently categorized as a Spam Detected from my testing. I've filed a bug against this behaviour as this is not the design it should follow.

The bug ID is currently pending review for externalization, but when it is available, it should be visible at: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq72687

Regards,
Mathew