cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
909
Views
0
Helpful
2
Replies
Highlighted
Beginner

Is it possible to pull Encryption Reports from logs?

What I'm looking to accomplish is a way to pull a count of how many emails a certain domain sends out that get encrypted per a DLP Policy.  I also am interested in a way of getting a count of how many emails get encrypted per a Content Filter that queues off of keyword encryption.  If anyone knows how to do this it would be greatly appreciated.  If its not possible will someone please let me know so I can stop spinning my wheels trying to find an answer.

Thank You!

Mike

2 REPLIES 2
Highlighted
Enthusiast

Hi Mike,

Currently there not any built in report that is this specific in nature, nor are there any reports that could be combined to provide this type of data. You could possibly export the logs off of the the appliance and parse them using another tool to generate a report of something similar to this. One tool that comes to mind is sawmill.  I would be happy to create a feature request for this type of report so that it can be considered for inclusion in an upcoming release of AsyncOS.

Christopher C Smith
CSE
Cisco IronPort Customer Support 

Highlighted

I did some further research on my own and found a report that would provide enough information to generate sufficient numbers for both DLP Policy and Content Filters. I don't think I mentioned in my original post that I do have a M670 appliance that does all of our logging for us. With this appliance I was able to generate the reports form the canned ones provided.

To do the DLP Policy report I went to Email Tab -> Reporting -> Scheduled Reports -> Add Scheduled Report

Then I generate a DLP Incident Summary for the Previous Calendar Month in CSV format.  When I receive the report I get several .csv files but the one that is useful is (DLP Incident Summary_DLP IncidentDetails_calendar_month.csv)

This one breaks down all the DLP incidents per policy and weight.

As for the Content Filters report I went through the same process Email Tab -> Reporting -> Scheduled Reports -> Add Scheduled Report

Then I chose Content Filters for the Previous Calendar Month in CSV Format.  When I get this report the .csv file that I use is (Content Filters_Outgoing Content FilterMatches_calendar_month.csv)

This one provides a breakdown of total hits on per policy for the previous month.