09-12-2016 09:59 AM
Does anyone know if there is a way to get the total number of items scanned by the AMP feature, aside from getting the number of items AMP actually stopped? I've looked through a number of the console screens but none seem to give that indication of total scanned in any sort of simple report.
Thanks
09-12-2016 11:34 AM
Hi, this is coming with AsyncOS 10 (first and third bullets):
Advanced Malware Protection page includes the following enhancements:
Don't forget to check maximums for AMP Threat Grid file submission: http://www.cisco.com/c/dam/en/us/td/docs/security/content_security/content_security_general/Content-security-file-reputation-and-analysis-criteria.pdf
09-12-2016 01:42 PM
Hi,
I do not see a report to do so, as AMP ideally would scan all emails with attachments; file reputation evaluates most file types.
We could however grep the mail_logs to get a rough count.
grep "Sep.*AMP file reputation verdict" mail_logs -c
Here -c is used to get a count of all entries that match the term "AMP file reputation verdict" for the month of September.
Since the file reputation verdict is the first step in AMP scanning this should give you a close enough count.
You can modify the first part of the search term to vary the date or month to look for.
For instance:
grep "Sep 5.*AMP file reputation verdict" mail_logs -c
grep "Sep 10.*AMP file reputation verdict" mail_logs -c
grep "Jul.*AMP file reputation verdict" mail_logs -c
Thanks
Libin
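Added example, not part of the thread or of Cisco's tooling: the same count broken down per day and per verdict with awk, run against an exported copy of mail_logs on a workstation rather than in the appliance CLI. The sample lines are constructed, and their layout (ctime-style timestamp, verdict as the last word) and verdict names are assumptions; only the phrase "AMP file reputation verdict" comes from the reply above.

```shell
#!/bin/sh
# Tally "AMP file reputation verdict" lines per day and per verdict.

# Constructed sample lines; layout and verdict names are assumptions.
sample_log() {
cat <<'EOF'
Mon Sep  5 09:14:02 2016 Info: MID 1001 AMP file reputation verdict : CLEAN
Mon Sep  5 09:14:09 2016 Info: MID 1002 AMP file reputation verdict : UNKNOWN
Mon Sep  5 09:15:30 2016 Info: MID 1003 antivirus negative
Sat Sep 10 11:02:45 2016 Info: MID 1044 AMP file reputation verdict : MALICIOUS
Sat Sep 10 11:03:01 2016 Info: MID 1045 AMP file reputation verdict : CLEAN
Sat Sep 10 11:03:01 2016 Info: MID 1046 AMP file reputation verdict : CLEAN
EOF
}

# amp_tally: reads log lines on stdin and prints one line per
# "<month> <day> <verdict> <count>", followed by a TOTAL line.
# awk's default field splitting collapses the padding in "Sep  5",
# so single-digit days are keyed the same way as two-digit days.
amp_tally() {
  awk '
    /AMP file reputation verdict/ {
      key = $2 " " $3 " " $NF   # month, day, verdict (assumed positions)
      count[key]++
      total++
    }
    END {
      for (k in count) print k, count[k]
      print "TOTAL", total + 0  # "+ 0" prints 0 when nothing matched
    }
  ' | LC_ALL=C sort
}

# With a file argument, tally that file; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
  amp_tally < "$1"
else
  sample_log | amp_tally
fi
```

The TOTAL line equals what grep -c reports for the same pattern; the per-verdict rows show how many of those scans ended in each verdict.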