Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1531
Views
0
Helpful
8
Replies

Numbers in reports are completely wrong

cryptochrome
Level 1
Level 1

‎03-23-2020 06:16 AM - edited ‎03-23-2020 06:16 AM

Hi,

I keep wondering about ESA's reporting. For instance, we currently have about 15.000 emails with malicious URLs in a policy quarantine. This quarantine holds mails for 30 days and then deletes them. If I go to the URL Filter Report and select the last 30 days, it tells me we had 200 mails with malicious URLs. 

Uhm... what?

The same is happening in other areas like the Virus report. 

What gives?

 

Labels:
0 Helpful
8 Replies 8

ppreenja
Cisco Employee
Cisco Employee

‎03-24-2020 03:07 AM

Hello,

Policy quarantine usually contains all the emails which are sent via various filters and not only emails with malicious URLs.
Are you sure that only emails with malicious URLs are in your policy quarantine? Please share more information so as to understand your issue better.

Cheers,
Pratham

0 Helpful

cryptochrome
Level 1
Level 1
In response to ppreenja

‎03-24-2020 04:24 AM

Hi Pratham,

we have a dedicated policy quarantine for malicious URLs. It holds only email that contain malicious URLs, nothing else. We did this by creating a separate quarantine and then use content filters to quarantine mails with malicious URLs into it. No other content filter or feature stores mails in that particular quarantine. 

Result: That quarantine has thousands of mails in it (past 30 days), while the URL filter report shows only 200 for the same timeframe. 

I seem to remember that someone here on this forum once said that the reporting feature of ESA has a problem, where mails that were already registered as spam will only show in the reports as spam, even if they contained other threats. 

 

0 Helpful

ppreenja
Cisco Employee
Cisco Employee
In response to cryptochrome

‎03-24-2020 05:00 AM

Hi ,

Thank you for explaining in detail. I was able to find below cosmetic bug which might be able to answer your query:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf36406

I hope this answers your query.

Cheers,
Pratham
0 Helpful

cryptochrome
Level 1
Level 1
In response to ppreenja

‎03-24-2020 05:08 AM

Thanks. When will this be fixed?

0 Helpful

ppreenja
Cisco Employee
Cisco Employee
In response to cryptochrome

‎03-24-2020 05:20 AM

Hello,

Currently, there is no ETA on the resolution however development team is working on the fix. I would suggest you add yourself to the notifications on the above-shared link so that as soon as the fix is in place you are notified regarding the same.

Cheers,
Pratham
0 Helpful

Ken Stieers
VIP
VIP
In response to cryptochrome

‎03-24-2020 07:13 AM

Just curious, are you looking in the new gui, or old gui?

It MIGHT be different in the new gu


0 Helpful

cryptochrome
Level 1
Level 1
In response to Ken Stieers

‎03-24-2020 07:45 AM

Old GUI. We're not using the new GUI yet.

0 Helpful

Ken Stieers
VIP
VIP
In response to cryptochrome

‎03-24-2020 09:28 AM

If you have a modern version of ESA, take a look in the new GUI and see if it got fixed there.



0 Helpful
Customers Also Viewed These Support Documents