Tracking Service Overview
The tracking service of the Cisco Content Security Management appliance complements Email Security appliances. With the Security Management appliance, email administrators have a single place to track the status of messages that traverse any of their Email Security appliances.
The Security Management appliance makes it easy to find the status of messages that Email Security appliances process. Email administrators can quickly resolve help desk calls by determining the exact location of a message. With the Security Management appliance, an administrator can determine if a particular message was delivered, found to contain a virus, or placed in a spam quarantine — or if it is located somewhere else in the mail stream.
Instead of having to search through log files using grep or similar tools, you can use the flexible tracking interface of the Security Management appliance to locate messages. You can use a variety of search parameters in combination.
Tracking queries can include:
- Time Frame: Find a message that was sent between specified dates and times.
- Envelope Information: Find messages from particular envelope senders or recipients by entering the text strings to match.
- Subject: Match a text string in the subject line. Warning: Do not use this type of search in environments where regulations prohibit such tracking.
- Attachment Name: You can search for messages based on an attachment name. Messages that contain at least one attachment with the queried name will appear in the search results.
  For performance reasons, the names of files within attachments such as OLE objects or archives such as .ZIP files are not tracked.
  Some attachments may not be tracked. For performance reasons, scanning of attachment names occurs only as part of other scanning operations, for example message or content filtering, DLP, or disclaimer stamping. Attachment names are available only for messages that pass through body scanning while the attachment is still attached. Some examples when an attachment name will not appear include (but are not limited to):
  - if the system only uses content filters, and a message is dropped or its attachment is stripped by anti-spam or anti-virus filters.
  - if message splintering policies strip the attachment from some messages before body scanning occurs.
- File SHA256: Find messages with the SHA-256 value of the message file.
- Cisco Host: Narrow search criteria to particular Email Security appliances, or search across all managed appliances.
- Message ID Header and Cisco MID: Find messages by identifying the SMTP “Message-ID:” header or the Cisco message ID (MID).
- Sender IP Address/ Domain/ Network Owner: Search for messages from a particular IP address, domain name or network owner.
- Message Event: Find messages that match specified events, such as messages flagged as virus positive, spam positive, or suspected spam, and messages that were delivered, hard bounced, soft bounced, or sent to the Virus Outbreak Quarantine.
- Rejected Connections: Search for messages from a particular IP address, domain name or network owner of the rejected connections in the search results.