Cisco IronPort AsyncOS 7.5 for Email Daily Management Guide
Chapter 2 Using Email Security Monitor
Email Security Monitor Pages
Global outbreak data represents all outbreaks detected by the Cisco IronPort
Threat Operations Center which exceeded the currently configured threshold for
the outbreak quarantine. Local outbreak data represents all virus outbreaks
detected on this appliance which exceeded the currently configured threshold for
the outbreak quarantine. The Total Local Protection Time is always based on the
difference between when each virus outbreak was detected by the Cisco IronPort
Threat Operations Center and the release of an anti-virus signature by a major
vendor. Note that not every global outbreak affects your Cisco IronPort appliance.

A value of “--” indicates either that a protection time does not exist or that the signature
times were not available from the anti-virus vendors (some vendors may not
report signature times). This does not indicate a protection time of zero; rather, it
means that the information required to calculate the protection time is not

The Quarantined Messages section summarizes Outbreak Filters quarantining,
and is a useful gauge of how many potential threat messages Outbreak Filters are
catching. Quarantined messages are counted at the time of release. Typically,
messages will be quarantined before anti-virus and anti-spam rules are available.
When released, they will be scanned by the anti-virus and anti-spam software and
determined to be positive or clean. Because of the dynamic nature of Outbreak
tracking, the rule under which a message is quarantined (and even the associated
outbreak) may change while the message is in the quarantine. Counting the
messages at the time of release (rather than the time of entry into the quarantine)
avoids the confusion of having counts that increase and decrease.

The Threat Details listing displays information about specific outbreaks,
including the threat category (virus, scam, or phishing), threat name, a description
of the threat, and the number of messages identified. For virus outbreaks, the Past
Year Virus Outbreaks include the Outbreak name and ID, the time and date a virus
outbreak was first seen globally, the protection time provided by Outbreak Filters,
and the number of quarantined messages. You can select either global or local
outbreaks as well as the number of messages to display via the menu on the left.
You can sort the listing by clicking on the column headers.

The First Seen Globally time is determined by the Cisco IronPort Threat
Operations Center, based on data from SenderBase, the world’s largest email and
web traffic monitoring network. The Protection Time is based on the difference
between when each threat was detected by the Cisco IronPort Threat Operations
Center and the release of an anti-virus signature by a major vendor.