Showing results for 
Search instead for 
Did you mean: 
Cisco Secure Email Support Community

Product Support Talos Support Cisco Support Reference + Current Release
Gateway Reputation Lookup Open a support case Secure Email Guided Setup
Gateway: 14.0.1-033
Cloud Gateway Email Status Portal Support & Downloads
Email and Web Manager: 14.1.0-227
Email and Web Manager Web & Email Reputation Worldwide Contacts Product Naming Quick Reference
Reporting Plug-in:
Encryption Bug Search
Encryption Plug-in:
Cloud Mailbox Notification Service
Outlook Add-in(s): More info

Mike Kwilosz

Is it possible to pull Encryption Reports from logs?

What I'm looking to accomplish is a way to pull a count of how many emails a certain domain sends out that get encrypted per a DLP Policy.  I also am interested in a way of getting a count of how many emails get encrypted per a Content Filter that queues off of keyword encryption.  If anyone knows how to do this it would be greatly appreciated.  If its not possible will someone please let me know so I can stop spinning my wheels trying to find an answer.

Thank You!


Christopher Smith

Hi Mike,

Currently there not any built in report that is this specific in nature, nor are there any reports that could be combined to provide this type of data. You could possibly export the logs off of the the appliance and parse them using another tool to generate a report of something similar to this. One tool that comes to mind is sawmill.  I would be happy to create a feature request for this type of report so that it can be considered for inclusion in an upcoming release of AsyncOS.

Christopher C Smith
Cisco IronPort Customer Support 

I did some further research on my own and found a report that would provide enough information to generate sufficient numbers for both DLP Policy and Content Filters. I don't think I mentioned in my original post that I do have a M670 appliance that does all of our logging for us. With this appliance I was able to generate the reports form the canned ones provided.

To do the DLP Policy report I went to Email Tab -> Reporting -> Scheduled Reports -> Add Scheduled Report

Then I generate a DLP Incident Summary for the Previous Calendar Month in CSV format.  When I receive the report I get several .csv files but the one that is useful is (DLP Incident Summary_DLP IncidentDetails_calendar_month.csv)

This one breaks down all the DLP incidents per policy and weight.

As for the Content Filters report I went through the same process Email Tab -> Reporting -> Scheduled Reports -> Add Scheduled Report

Then I chose Content Filters for the Previous Calendar Month in CSV Format.  When I get this report the .csv file that I use is (Content Filters_Outgoing Content FilterMatches_calendar_month.csv)

This one provides a breakdown of total hits on per policy for the previous month.

Recognize Your Peers
Which of these topics should we host an event in the Community?

Top Choice: ISE Demo (100%)

Content for Community-Ad