Configuring scanning threat detection, Monitoring shunned hosts, attackers, and targets – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 56 Configuring Threat Detection

Configuring Scanning Threat Detection

Detailed Steps

Step 1

Command:
threat-detection scanning-threat [shun [except {ip-address ip_address mask | object-group network_object_group_id}]]

Example:
hostname(config)# threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0

Purpose:
Enables scanning threat detection. By default, the system log message 733101 is generated when a host is identified as an attacker. Enter this command multiple times to identify multiple IP addresses or network object groups to exempt from shunning.

Step 2

Command:
threat-detection scanning-threat shun duration seconds

Example:
hostname(config)# threat-detection scanning-threat shun duration 2000

Purpose:
(Optional) Sets the duration of the shun for attacking hosts.

Step 3

Command:
threat-detection rate scanning-threat rate-interval rate_interval average-rate av_rate burst-rate burst_rate

Example:
hostname(config)# threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
hostname(config)# threat-detection rate scanning-threat rate-interval 2400 average-rate 10 burst-rate 20

Purpose:
(Optional) Changes the default event limit for when the ASA identifies a host as an attacker or as a target. If you already configured this command as part of the basic threat detection configuration (see the “Configuring Basic Threat Detection Statistics” section on page 56-2), then those settings are shared with the scanning threat detection feature; you cannot configure separate rates for basic and scanning threat detection. If you do not set the rates using this command, the default values are used for both the scanning threat detection feature and the basic threat detection feature. You can configure up to three different rate intervals, by entering separate commands.

Monitoring Shunned Hosts, Attackers, and Targets

To monitor shunned hosts and attackers and targets, perform one of the following tasks:

Command:
show threat-detection shun

Purpose:
Displays the hosts that are currently shunned.
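
The following Python sketch is an added example, not part of the Cisco guide. It audits a saved configuration for the scanning threat detection commands from the Detailed Steps and reports hosts that must never be shunned (for example, an internal vulnerability scanner) but are not covered by an ip-address exemption. It assumes the configuration text contains the commands in exactly the forms shown on this page; the object-group name MGMT_HOSTS, the host addresses, and the function names parse and audit are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: only the command forms shown on this page; MGMT_HOSTS is a made-up name.
SAMPLE_CONFIG = """\
threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0
threat-detection scanning-threat shun except object-group MGMT_HOSTS
threat-detection scanning-threat shun duration 2000
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
threat-detection rate scanning-threat rate-interval 2400 average-rate 10 burst-rate 20
"""
SCAN = re.compile(r"^threat-detection scanning-threat(?P<shun> shun(?: except (?:"
                  r"ip-address (?P<ip>\S+) (?P<mask>\S+)|object-group (?P<grp>\S+)))?)?$")
DUR = re.compile(r"^threat-detection scanning-threat shun duration (\d+)$")
RATE = re.compile(r"^threat-detection rate scanning-threat rate-interval (\d+)"
                  r" average-rate (\d+) burst-rate (\d+)$")

def parse(config):
    """Collect the scanning threat detection settings found in the config text."""
    s = {"enabled": False, "shun": False, "exempt_nets": [],
         "exempt_groups": [], "shun_duration": None, "rates": []}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := DUR.match(line):
            s["shun_duration"] = int(m.group(1))
        elif m := RATE.match(line):
            s["rates"].append(tuple(int(v) for v in m.groups()))
        elif m := SCAN.match(line):
            s["enabled"] = True
            s["shun"] |= bool(m["shun"])
            if m["ip"]:  # dotted mask form, e.g. 10.1.1.0 255.255.255.0
                s["exempt_nets"].append(
                    ipaddress.ip_network(f'{m["ip"]}/{m["mask"]}', strict=False))
            elif m["grp"]:  # members are defined elsewhere, so they cannot be resolved here
                s["exempt_groups"].append(m["grp"])
    return s

def audit(config, must_not_shun):
    """Return findings; must_not_shun lists hosts that shunning must never block."""
    s, findings = parse(config), []
    if not s["enabled"]:
        findings.append("scanning threat detection is not enabled")
    if len(s["rates"]) > 3:  # the guide allows up to three rate intervals
        findings.append("more than three rate intervals configured")
    if s["shun"]:
        groups = ", ".join(s["exempt_groups"])
        note = f"; verify object-group(s): {groups}" if groups else ""
        for host in must_not_shun:
            if not any(ipaddress.ip_address(host) in n for n in s["exempt_nets"]):
                findings.append(f"{host} is not covered by an ip-address exemption{note}")
    return findings
```

Object-group exemptions are reported by name only, because their members are defined outside the commands covered here.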
