Cisco Advanced Web Security Reporting Data Sheet

Data Sheet

Available Languages

Download Options

  • PDF
    (673.3 KB)
    View with Adobe Reader on a variety of devices
Updated:March 17, 2021

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (673.3 KB)
    View with Adobe Reader on a variety of devices
Updated:March 17, 2021



Cisco® Advanced Web Security Reporting Application is a reporting solution that rapidly indexes and analyzes logs produced by Cisco Secure Web Appliance (formerly Web Security Appliance) and Cisco Umbrella. This tool provides scalable reporting for customers with high traffic and storage needs. It allows reporting administrators to gather detailed insight into web usage and malware threats.

Directory-Group-Based Reporting

With Advanced Web Security Reporting Application, administrators can generate reports based on a group or user ID, as defined within a central authentication server such as Active Directory. Reports can be created easily along functional or geographical boundaries that have been defined by the authentication groups. Roles can be created to allow managers to view reports only for a defined set of directory groups (such as the groups that they manage), protecting the privacy of individuals who are not within those groups.

Setting up the directory-group-based reporting

Figure 1.            

Setting up the directory-group-based reporting

Detailed Layer 4 Traffic Monitor Visibility

Administrators can run reports on activities on nonweb ports. These Layer 4 Traffic Monitor (L4TM) reports connect hosts associated with particular ports and users, and they can be used to identify malicious behavior on nonstandard ports - behavior that would evade many traditional web-security solutions.

SOCKS Reporting

For customers using Socket Secure (SOCKS) proxy settings, administrators get information about SOCKS traffic.

Historical Data Import

Historical logs can be imported during forensic investigations. Logs from any time period can be imported into the reporting tool for analysis, allowing human resources and legal personnel to conduct forensic investigations spanning several years. Administrators can focus on a specific user’s web activity, if needed.

Advanced Malware Protection Reporting

Featuring file reputation scoring and blocking, static and dynamic file analysis (sandboxing), and file retrospection for the continuous analysis of threats, even after they have traversed the Secure Web Appliance. This reporting application consolidates data provided by the Cisco Advanced Malware Protection solution that produces a single pane of glass for even richer analysis for administrators to gather more detailed insight into web usage and malware threats.

Advanced Malware Protection reporting

Figure 2.            

Advanced Malware Protection reporting

Cisco Umbrella Reports support

You can point the Advanced Web Security Reporting application to the AWS bucket containing logs provided by Umbrella. You can view the reports in the Consolidated Web Security Reports dashboards.

Setting up the Cisco Umbrella S3 bucket configuration

Figure 3.            

Setting up the Cisco Umbrella S3 bucket configuration

Consolidated Web Security Reports

You can view consolidated reports from Cisco Umbrella and Secure Web Appliances under following categories:


      Activity Search

      Security Activity

      Top Domains

      Top Categories

      Top Users

      Top Security Categories

Consolidated web security reporting architecture

Figure 4.            

Consolidated web security reporting architecture

Consolidated Secure Web Appliance and Umbrella Top 10 URL Categories sample report

Figure 5.            

Consolidated Secure Web Appliance and Umbrella Top 10 URL Categories sample report

Who Should Use Web Reporting?

Built-in reporting capabilities on Cisco Web Security and Security Management Appliances fulfill the reporting needs of most Cisco customers. Advanced Web Security Reporting is an advance reporting solution for customers who need extended storage for high transaction volumes or directory-group-based reporting. It also serves as a “single pane of glass” for customers who have deployed a hybrid web security solution. The Cisco Web Reporting report format is identical to reports already available on Cisco S-Series and M-Series appliances.

What Does the Latest Release of Cisco Web Reporting Include?

      Unified Web Security Reporting: The Cisco Advanced Web Security Reporting Application integrates diverse information into a single display for easier monitoring of your web security, regardless of deployment (Figure 1). The reporting application polls log data collected from multiple Secure Web Appliances and Umbrella for predefined reports. Customers can also perform ad-hoc searches using the flash timeline view and web-tracking forms.

      Scale and Performance: Advanced Cisco Web Security Reporting Application aligns with the introduction of data tiers across seat bands, allowing for purchase flexibility based on daily log volume requirements.

    Low tier: This version meets the limited data needs of current customers who use 2 MB of data per user per day.

    High tier: This version is for Hybrid Web Security and Enterprise License Agreement (ELA) customers whose users have higher data requirements (6 MB per user per day).

There are two types of deployment options are available for AWSR.

      Single-instance Deployment

      Distributed Deployment

* Please note that these options include only a license for Web Security Reporting. The offering does not include Configuration and Policy Management licenses.

Reports for URL Categories and Transactions Blocked

Figure 6.            

Reports for URL Categories and Transactions Blocked

System requirements

Advanced Web Security Reporting runs on Microsoft Windows and Red Hat Linux. Refer to “Requirements for Advanced Web Security Reporting” section in release notes for details on the system requirements for specific release of Advanced Web Security Reporting application.

Please talk to your Cisco account team and refer to the documentation to understand the hardware specifications you will need to run the Cisco Web Reporting Application at your organization.

Ordering Information

Ordering Cisco Advanced Web Security Reporting is simple. There are two bundles are available based on per day data limit.

The top level SKUs are:

Web Security Reporting – Lower Tier:
SMA-WSPL-LOW-LIC=; that this license has a data limit of 2 MB per user per day.

Web Security Reporting – Higher Tier:
SMA-WSPL-HIGH-LIC=; this license has a higher data limit of 6 MB per user per day.

Refer to the Cisco ordering guide for subscription SKU.

Cisco environmental sustainability

Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.

Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:

Sustainability Topic


Information on product material content laws and regulations


Information on electronic waste laws and regulations, including products, batteries, and packaging

WEEE Compliance

Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

More information can be found by referencing the ordering guide, release notes, and user guide.

Get Started: Download the Single Installer for Linux and Windows.

Questions: Please contact your Cisco Partner Account Manager.




Learn more