en-US
search-icon

Hosted Email Security 9.0 Admin Guide

Reports & Monitoring

SonicWall Hosted Email Security allows you to view system status and data through the Reports & Monitoring screen. The Reports & Monitoring is comprised of three key segments:

Reports, which provides many reports Hosted Email Security monitoring and tracking
Scheduled Reports, which describes how to schedule and customize reports
DMARC Reporting, which provides DMARC reports and custom filtering.

Reports

SonicWall Hosted Email Security provides a series of charts that summarizes data and system status so it can be viewed at a glance. Navigation and Data Customizing describes how to set up the displays and use the buttons.

The charts and data tables display statistics for the last 24 hours and are updated hourly. Similar reports can be grouped into collections based on the organization provided by SonicWall Hosted Email Security, shown below, or you can put any report into any collection.

 
* 
NOTE: When you first log into Hosted Email Security, the default View is Reports & Monitoring > Reports > Dashboard.

Navigation and Data Customizing

On each of the views under Reports & Monitoring > Reports, buttons and tabs can be used to navigate the charts, customize the appearance, or manage the data.

Navigating

Use the following buttons to navigate the report collections:

 

Add Charts

Allows you to add charts to be displayed. Click on the down arrow to select the report category, and then click on the report name you want to add.

Save View

Saves the view after you configured or made adjustments to your settings.

Reset to Default View

Resets the report view to the default settings.

Customize

Opens Custom Reports page so you can define the parameters for any report displayed.

1
Select the report to customize
2
Specify the date range for the report.
3
List the day in units of hours, days, weeks or months.
4
Select delivery method. Choose Display to show data on the dashboard. Choose Email to to send the report to someone and provide the email address for the report recipient.
5
If you selected Email to, provide the following information in the text fields:
Name from which report is sent
Email address from which report is sent
Subject
6
Select Generate This Report.

Refresh Reports

Refreshes the data in the charts.

Configuring Chart Formats

Each chart has options you can select to customize the presentation of the reports being displayed. Use the tabs across the top of the chart to set the format and contents as described below.

 

Chart arrangement:

Each of the charts can be moved up and down or left and right in the display. Simply drag-and-drop the chart wherever you want it.

Data style:

Select the data format you want:

Some data can be presented in Stacked Chart, Line Chart, or Table form.
Some data can only be presented in Bar Chart or Table form.

Select the tab of the view you want.

Time style:

Select one of the following:

Hourly
Daily
Monthly

Zoom:

To zoom in on a segment of data in the chart, draw a box around the segment and the display adjusts to show only that portion of data.

Miscellaneous buttons:

(You may need to scroll to the right at the top of each chart to see these tabs and buttons.)

Undo Zoom resets the view in that chart to the default setting.

The download arrow allow you to download the chart in PDF, JPEG, or CVS formats.

The double arrow head allows you to minimize the chart when arrows are pointing up and opens the chart when the arrows are pointing down.

The close (X) button closes the chart window and removes it from that view.

Managing Data

Some charts display several types of data in a single view. You can customize what data shows in the charts. Click on an item listed in the legend. That item becomes grayed out and the data is removed from the display. To restore that item to the chart or table, click on the grayed out item and the data is returned.

Dashboard

The Reports > Dashboard page summarizes SonicWall Hosted Email Security at a glance. These charts are updated hourly and display the statistics for the last 24 hours. Click the Refresh Reports button to update the data in the reports with the most current data. Refer to Dashboard Reports for a description of the pre-defined reports that can be added to the dashboard.

 

Dashboard Reports

Report Name

Description

Inbound Good vs Junk

Displays the number of good messages versus junk messages received in an hour in inbound email traffic. Junk is comprised of spam, likely spam, phishing, likely phishing, viruses, likely viruses, policy events, directory harvest attacks (DHA), and rejected connections (CM). Rejected connections are those deliberately dropped by Email Security because of greylisting, IP reputation, and other features provided on the Connection Management page.

Junk Email Breakdown

Displays Junk email broken down into the following categories:

Spam (Spam and Likely Spam)
Phishing (Phishing and Likely Phishing)
Virus (Virus and Likely Virus)
Policy
Directory Harvest Attacks (DHA)
Connection Management (CM)

Note: The Junk Email Breakdown chart displays only those categories of junk email that are filtered by your organization.

Outbound Good vs. Junk

Displays the total number of outbound messages processed by Email Security along with the total number of junk messages and good messages.

Spam Caught

Displays the number of email messages that are definitely Spam compared to the number that are Likely Spam.

Top Outbound Email Senders

Displays what percentage of the processor is used, as sampled every fifteen minutes. This chart increments in processor percentage. Use this chart to judge whether you have sufficient processor power for your needs. If you are viewing a Remote Analyzer, this is one of the available charts.

Top Spam Recipients

Displays the volume of spam received by the top 12 recipients in your organization.

Total Files Scanned

Shows the total number of files scanned each hour.

Anti-Spam Reports

SonicWall Hosted Email Security provides the following reports specific to the category of Anti-Spam:

 

Anti-Spam Reports

Report Name

Description

Spam Caught

The Spam Caught report displays the number of messages filtered by SonicWall Hosted Email Security that are definitely Spam compared to the amount that are Likely Spam. This report also gives a percentage breakdown.

Top Spam Recipients

The Top Spam Recipients report lists the email addresses in your organization that receive the most spam.

Anti-Phishing Reports

Phishing messages are an especially pernicious form of fraud that use email with fraudulent content to steal consumers’ personal identity data and financial account credentials. This report displays the number of messages that were identified as Phishing Attacks and Likely Phishing Attacks.

Anti-Virus Reports

The Anti-Virus Report allows you to view the number of viruses detected by the SonicWall Hosted Email Security. The report displayed is the Inbound Viruses Caught. It displays the number of viruses caught in the inbound email traffic. The default is to display the Daily view.

Capture ATP Reports

The Capture ATP Reports provides about the quantity and types of files scanned.

 

Capture ATP Reports

Report Name

Descriptions

Total Files Scanned

Shows the total number of files scanned each hour.

File Type Scanned

Shows how many of each type of file was scanned. Data is either shown in a pie chart or a table.

Malicious File Type

Shows how many of each kind of malicious file was scanned. Data is either shown in a pie chart or a table.

Anti-Spoof Reports

The Anti-Spoof Report provides summary and details reports on the types of anti-spoof messages detected. Anti-Spoof Reports provides details on each report.

 

Anti-Spoof Reports

Report Name

Description

Likely Spoof Messages

Displays the total number of Likely Spoof messages caught in inbound email traffic.

Likely Spoof Message Breakdown

Shows the breakdown of the Likely Spoof messages according the categories used to detected them in the inbound email traffic.

SPF Breakdown

Shows the breakdown of Likely Spoof message that were detected using SPF parameters.

DKIM Breakdown

Shows the breakdown of Likely Spoof message that were detected using DKIM parameters.

DMARC Breakdown

Shows the breakdown of Likely Spoof message that were detected using SPF and DMARC parameters.

Encryption Service Reports

Encryption Service Reports show only one report: Outbound vs. Encrypted Email. This report displays the total number of outbound messages as compared to the number of messages sent as [SECURE] through the encryption service.

Policy Management Reports

Policy Management Reports group the reports that are relevant to policy filters in Hosted Email Security. Table describes each reports function.

 

Policy Management Reports

Report Name

Description

Inbound Policies Filtered

Displays the total number of inbound email messages that Email Security has filtered based on your configured policies.

Top Inbound Policies

Displays the policy filter names that are triggered most often in inbound email traffic.

Outbound Policies Filtered

Displays the total number of outbound messages that Email Security has filtered based on your configured policies.

Top Outbound Policies

Displays the policy filter names that are triggered most often in outbound email traffic.

Compliance Reports

The Compliance Reports groups various reports that are relevant to compliance in Hosted Email Security. Compliance Reports provides a description of each one.

 

Compliance Reports

Report Name

Description

Top Inbound Approval Boxes

Lists the approval boxes in which inbound email messages sent through Hosted Email Security are stored most often. This report also displays the amount of messages that are stored in each approval box.

Top Outbound Approval Boxes

Lists the approval boxes in which outbound email messages sent through Hosted Email Security are stored most often. This report also displays the amount of messages that are stored in each approval box.

Directory Protection

SonicWall Hosted Email Security provides protection against directory attacks. The directory protection reports described in Directory Protection Reports give more information on the directory attacks targeted towards your organization.

 

Directory Protection Reports

Report Name

Description

Number of Directory Harvest Attacks

Displays the number of messages with invalid email addresses that were sent to your organization. If this number is large, your organization may be experiencing one or more Directory Harvest Attacks in which spammers try to harvest a list of all your email addresses. The default is the Daily view.

Top DHA Sending Domains

Shows the IP addresses from which the most frequent Directory Harvest Attacks originate and the number of invalid recipient addresses in those attacks. The default is the Monthly view.

 

Connection Management Reports

SonicWall Hosted Email Security provides connection management to reduce the traffic your system must analyze and automatically rejects connections from bad IP addresses. The pre-configured report provided in this view shows Top Spam Countries. It lists the countries that the most spam comes from and the volume of the connections for each.

User Statistics

The User Statistics are presented as a function of the number of users per domain or organization. With it, you can determine if the number of users are license compliant. The following views are available for selection:

Domain Person vs. Group Email Addresses
Domain Primary vs. Alias Email Addresses

Scheduled Reports

SonicWall Hosted Email Security allows you to schedule email delivery of reports. You can choose the type of report, a time span the data covers, the list of recipients, etc.

Data in scheduled reports is displayed in the time zone of the server on which Hosted Email Security stores email data (either an All in One or a Control Center), just like the reports in the Reports & Monitoring section. Scheduled report emails are sent according to the time zone on that system as well.

To add a a scheduled report:
1
Select the Add New Scheduled Report button. A dialog window displays where you can specify the following settings:
2
Select Which report from the drop down list.
3
Select Frequency of report email from the drop down list. Options range from 1 Day to 30 Days.
4
For Time of day to send report, select one of the following options:
Any time of day
Within an hour of [choose time from drop down menu].
5
For Day of week to send report, select one of the following:
Any day of the week
Send report on [choose day from drop down menu].
6
Select Language of report email.
7
Select Report has data for the last [choose time period from drop down menu]. Options range from 1 Day to 180 Days.
8
For Report lists results by, choose for the results to be listed by the Hour or by the Day.
9
Choose the Report Format: JPEG, CSV, or PDF.
10
Type the Name from which report is sent.
11
Type in the Email Address From Which Report is Sent.
12
Type in the email addresses for the Recipients of Report Email. Separate multiple email addresses with a comma.
13
Type in the domains for the field Reports shows email sent to these domains. Separate multiple domains with a comma. If left blank, the report will show email sent to all domains.
14
Specify the Report Name.
15
Select Save Scheduled Report when finished.

DMARC Reporting

In the Reports & Monitoring > DMARC Reporting section, you can define DMARC reports by either date range or filer. You can also configure known networks for filtering DMARC reports.

DMARC Reports

When the Email Security Mail Server plays the role as email sender and RUA receiver, it extracts and aggregates daily RUA files from the email receiver and from RUA providers, such as Google, Yahoo, etc. The DMARC Reporting Scheduler then imports the RUA files hourly into its database.

 
* 
NOTE: To receive reports, configure RUA address under the Anti-Spoofing command. Refer to Anti-Spoofing for more information.
To generate a DMARC report:
1
Navigate to Reports & Monitoring > DMARC Reports > DMARC Reports.
2
Choose a Date Range using one of the following methods:
Select Last and choose a pre-defined option from the drop down menu. Choices range from 1 to 21 days.
Select Start Date and enter a Start date and End date from the pop up calendars.
3
Choose the filters for the report. You can select available filters from the Apply Filters drop down menu or you can build a new filter by selecting Filter. Refer to New Filters for more information about building a new filter.
4
Select the report type from the Select Report drop down menu. The options include:
DMARC Statistic Report
DMARC Master Detail Report
Source IP Aggregation Report
Provider Aggregation Report
Source IP and Provider Aggregation Report
5
Click on the Generate button to generate the report. Reports are shown in a window below the 'Set Filters' section.
6
Click Download PDF to download a PDF report once the HTML report is generated. The PDF report name includes the Report Name and a time stamp.

All five reports can be rendered in HTML format and downloadable PDF file. (HTML reports allow you to mouse over 'Alignment' value to see alignment reason description.)

The statistics report displays either horizontally or vertically, depending on the date range. If days of selected date range are less than 15 days, three (3) bar charts will be horizontally display. If the date range is greater than 15 days, the bar charts display vertically. For tabulated reports, scrolling the mouse over the 'Alignment' value displays the Alignment Reason. For example, if the 'Alignment' is 'No', moving the mouse over this 'No' makes the Title Box show: “No DKIM and SPF is passed, On SPF Relaxed, SPF Organization Domain(sina.com) Not Matched From Header Domain(sonicwall.com)” This informational message can be useful for DMARC troubleshooting.

New Filters

You can define a new filter to use for the DMARC reports. This filter then becomes an option for filtering the DMARC Report database.

To build a new filter:
1
Navigate to Reports & Monitoring > DMARC Reports > DMARC Reports.
2
Click on the Filter button to create a new filter. (If a filter already exists, clicking this button allows you to edit the filter.) The Set Filter page opens.
3
Define the parameters of the filters using the conditions provided.
a
Select one of the Condition Names from the left.
b
Select the operator for how the data will be acted upon. For example, you might chose between include and exclude or mathematical operators like == (equals) and != (not equals).
c
In the right column, Select or Input Values. Values are automatically provided for some Condition Names, but you’ll need to type in the values you want if none are provided.
d
Click OK to exit the Set Filter pages.
4
Click Save to save the newly configured settings.

Other buttons available to help you manage the filters. They include:

 

Clear

Clears all settings of the current filter.

Delete

Deletes a selected filter.

Bullet icons

Represents a filter condition. Click the icon to open the Set Filter dialog box, or click the small 'x' icon to delete the condition from the filter.