Is it possible to pull Encryption Reports from logs?
What I'm looking to accomplish is a way to pull a count of how many emails a certain domain sends out that get encrypted per a DLP Policy. I also am interested in a way of getting a count of how many emails get encrypted per a Content Filter that queues off of keyword encryption. If anyone knows how to do this it would be greatly appreciated. If it's not possible, will someone please let me know so I can stop spinning my wheels trying to find an answer.
Currently there is not any built-in report that is this specific in nature, nor are there any reports that could be combined to provide this type of data. You could possibly export the logs off of the appliance and parse them using another tool to generate a report of something similar to this. One tool that comes to mind is Sawmill. I would be happy to create a feature request for this type of report so that it can be considered for inclusion in an upcoming release of AsyncOS.
Christopher C Smith CSE Cisco IronPort Customer Support
I did some further research on my own and found a report that would provide enough information to generate sufficient numbers for both DLP Policy and Content Filters. I don't think I mentioned in my original post that I do have an M670 appliance that does all of our logging for us. With this appliance I was able to generate the reports from the canned ones provided.
To do the DLP Policy report I went to Email Tab -> Reporting -> Scheduled Reports -> Add Scheduled Report
Then I generate a DLP Incident Summary for the Previous Calendar Month in CSV format. When I receive the report I get several .csv files but the one that is useful is (DLP Incident Summary_DLP IncidentDetails_calendar_month.csv)
This one breaks down all the DLP incidents per policy and weight.
As for the Content Filters report I went through the same process Email Tab -> Reporting -> Scheduled Reports -> Add Scheduled Report
Then I chose Content Filters for the Previous Calendar Month in CSV Format. When I get this report the .csv file that I use is (Content Filters_Outgoing Content FilterMatches_calendar_month.csv)
This one provides a breakdown of total hits per policy for the previous month.