5.1.23 Policy & Content: Downloads
By default, a pie chart and data table of the file types downloaded as a proportion of the total
number of bytes downloaded today since midnight. The data table also shows the total number
of requests for each of the file types downloaded.
Note: This is not a comprehensive measure of bytes downloaded. It records only the downloads
that users have explicitly requested. It does not, for example, include the data downloaded as a
result of JavaScript calls.
You can sort the results according to site visits or the number of bytes consumed.The available
search parameters vary from one report to another. See “Modifying Reports” for a description of
each parameter.
5.1.24 Policy & Content: Sandstorm Usage
By default, a stacked-bar graph and data table of the total number of user downloads referred to
the Sandstorm cloud service, listed by analysis result.The results are broken down hourly for the
current day since midnight, and show:
■
Clean: files that have been analyzed and that exhibit no malicious behavior.
■
Malicious: files that Sophos Sandstorm has determined are malicious.
■
Analysis unsuccessful: files that could not be analyzed.
■
Excluded by policy: files that were not sent for analysis due to policy settings.
Use the Graph by drop down to select whether the graph displays the number of files downloaded,
the number of bytes downloaded, the number of files sent for analysis, or the number of bytes
sent for analysis. See “Modifying Reports” for a description of the other search parameters.
5.1.25 Policy & Content: Advanced Threat Protection
The Advanced Threat Protection (ATP) report lists each unique IP address/user combination for
which the SWA has detected attempts to contact malware command and control services.You
can block and unblock machines listed in this report. Blocking a machine adds it to the
Configuration > Group Policy > Additional Policies page in the Quarantined Machines policy.
The columns in the report are:
■
Block: For each each IP address/user combination, you can use the block/unblock button to
add or remove the IP address to or from the Quarantined Machines policy.
Note: Blocking a machine will block all instances of that IP address, not just the specific
IP/user combination you select.
■
Status: A red circle with an "X" indicates a potential threat that is unblocked. A green checkmark
indicates the machine is blocked.
■
IP: The IP address of the detected machine. Clicking this will display a search for suspicious
activity from this IP address.
■
Machine:The name associated with the machine. Clicking this will display a search for
suspicious activity from the IP address associated with this machine.
166 | Reports | Sophos Web Appliance
To Next Page
Loading...
Need help?
General
