McAfee Security for Microsoft Exchange 8.6.0

Use advanced search filters

Generate graphical reports on detections using advanced search filters.

Task
1 Click Dashboard | Graphical Reports. The Graphical Reports page appears.
2 Click the Advanced tab.
3 Select at least one and up to three filters from the list:
Primary filters
Filter | Description
Subject | Search using the "subject" of an email.
Recipients | Search using an email address of the recipient.
Reason | Search using the detection trigger or the reason why the item was quarantined. When you select the Reason filter, secondary filters are enabled for further refining your search. For example, you might want to search for all items that were quarantined due to the Mail Size rule being triggered as the reason.
Ticket Number | Search using the ticket number. A ticket number is a 16-digit alpha-numeric entry which is auto-generated by the software for every detection.
Detection Name | Search by the name of a detected item.
Spam Score | Search based on the spam score. For example, you might want to search for all items that were quarantined with a Spam Score equal to 3. Spam Score is a number that indicates the amount of potential spam contained within an email message. The engine applies anti-spam rules to each email message it scans. Each rule is associated with a score. To assess the risk that an email message contains spam, these scores are added together to give an overall spam score for that email message. The higher the overall spam score, the higher the risk that the email message contains spam. The spam score can range between 0 and 100. Incoming messages start with a spam score of zero. Each time a message violates a filter, its spam score increases.
A secondary filter is available only for the Reason filter. If you do not want to specify a secondary filter, leave the field blank so that all detections are queried.
Secondary filters
Filter | Description
Anti-Virus | Search for items that were quarantined when a potential virus was found in the message.
DLP and Compliance | Search for items that were quarantined when banned content was found in the message. For example: inappropriate words.
File Filter | Search for items that were quarantined when a banned file was found in the message.
Anti-Spam | Search for items that were quarantined when spam was found. For example: chain email messages.
IP Reputation | Search for items that were quarantined when IP Reputation exceeds the defined threshold.
Encrypted or Corrupted | Search for items that were quarantined when encrypted or corrupt content was found in the email.
Potentially Unwanted Program | Search for items that were quarantined when a potentially unwanted program was found in the email.
Phish | Search for items that were quarantined when phishing content was found in the email.
Packer | Search for items that were quarantined when packers (small programs, compressed executable files, encrypted code) were found in the email.
Mail Size | Search for items that were quarantined when the mail size exceeds the maximum limit set.
Encrypted | Search for items that were quarantined when encrypted content was found in the email.
Signed | Search for items that were quarantined when signed content was found in the email.
Corrupted | Search for items that were quarantined when corrupt content was found in the email.
Denial of Service | Search for items that were quarantined when a denial-of-service threat occurred. For example, to retrieve all email messages that were quarantined during the event.
Protected Content | Search for items that were quarantined when protected content was found and the content might not be accessed for scrutiny.
Password Protected | Search for items that were quarantined when password protected content was found and the content might not be accessed for scrutiny.
Blocked MIME | Search for items that were quarantined when blocked MIME (Multipurpose Internet Mail Extensions) types were found in the email.
URL Reputation | Search for items that were quarantined when URL reputation exceeds the defined threshold.
TIE Reputation | Search for items that were quarantined when TIE reputation exceeds the defined threshold.
SPF Soft Fail | Search for items that were quarantined when spoof content was found in the email.
SPF Hard Fail | Search for items that were quarantined when spoof content was found in the email.
For more information about the search filters, see Search filters.
4 Select All Dates or a Date Range from the drop-down lists.
If you select All Dates, the query returns search results from the quarantine database, starting from the day it began quarantining detected items. If you select Date Range, select the Date, Month, Year, Hour, and Minutes in the From and To fields so that your query searches within that date range.
5 Select Bar Graph or Pie Chart as required.
6 If you select Pie Chart, select a filter from the drop-down list to further refine your search:
Query on
Filter | Description
Recipients | Search using the recipient email address.
Sender | Search using the sender's email address.
Filename | Search using a quarantined file name.
Detection Name | Search using the name of a detected item.
Subject | Search using the "subject" of an email.
Reason | Search using the detection trigger or the reason why the item was quarantined.
Rule Name | Search using the name of the rule that triggered the detection.
Policy Name | Search using the policy name that made the detection.
a In Maximum Results, specify the number of search results you want to view. You can view a maximum of 99 search results. This field is available only if you select Pie Chart.
7 Click Search. The search results are shown in the View Results pane. In Magnify Graph, select the zoom percentage to enlarge or reduce the view of the graph in the View Results pane.