50-14
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 50 Configuring the Botnet Traffic Filter
Monitoring the Botnet Traffic Filter
• 338201, 338202 (greylist)
See Chapter 71, “Configuring Logging.”
Botnet Traffic Filter Monitor Panes
To monitor the Botnet Traffic Filter, see the following panes:
Pane Purpose

Home > Firewall Dashboard
Shows the Top Botnet Traffic Filter Hits: reports of the top 10 malware sites, ports, and infected hosts. This report is a snapshot of the data and may not match the top 10 items accumulated since statistics collection began. If you right-click an IP address, you can invoke the whois tool to learn more about the botnet site.
• Top Malware Sites—Shows the top malware sites.
• Top Malware Ports—Shows the top malware ports.
• Top Infected Hosts—Shows the top infected hosts.

Monitoring > Botnet Traffic Filter > Statistics
Shows how many connections the Botnet Traffic Filter monitored and dropped, and how many of those connections matched the whitelist, blacklist, and greylist. (The greylist includes addresses that are associated with multiple domain names where only some of those domain names are on the blacklist.) The Details button shows how many packets at each threat level were classified or dropped.

Monitoring > Botnet Traffic Filter > Real-time Reports
Generates reports of the top 10 malware sites, ports, and infected hosts monitored. The top 10 malware-sites report includes the number of connections dropped, and the threat level and category of each site. This report is a snapshot of the data and may not match the top 10 items accumulated since statistics collection began.
If you right-click a site IP address, you can invoke the whois tool to learn more about the malware site. Reports can be saved as a PDF file.

Monitoring > Botnet Traffic Filter > Infected Hosts
Generates reports about infected hosts. These reports contain a detailed history of each infected host, showing the correlation between infected hosts, the malware sites they visited, and the malware ports they used. The Maximum Connections option shows the 20 infected hosts with the largest number of connections. The Latest Activity option shows the 20 hosts with the most recent activity. The Highest Threat Level option shows the 20 hosts that connected to the malware sites with the highest threat level. The Subnet option shows up to 20 hosts within the specified subnet.
Reports can be saved as a PDF file, as either the Current View or the Whole Buffer. The Whole Buffer option includes all buffered infected-hosts information, not only what is currently displayed.

Monitoring > Botnet Traffic Filter > Updater Client
Shows information about the updater server, including the server IP address, the next time the adaptive security appliance will contact the server, and the version of the dynamic database last installed.
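The Statistics and Infected Hosts panes above aggregate the same events that the appliance also emits as syslog messages. The following is an added example (not Cisco code and not part of this guide) that rebuilds those two views from syslog text exported to a log server: it counts monitored versus dropped connections per list, then ranks source hosts by maximum connections, latest activity, or highest threat level, with an optional subnet filter. The message layout the regex expects, the message IDs, and the five log lines are assumptions constructed for the example; check the regex against lines from your own appliance before using it on real data.

```python
"""Rebuild the ASDM Botnet Traffic Filter Statistics and Infected Hosts views
from syslog lines.  Added example, not Cisco code.

ASSUMPTION: the message layout and the message IDs in the sample are modelled
on ASA Dynamic Filter syslogs; the sample lines are constructed, not captured.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime

# Threat levels the reports rank by, lowest to highest.
THREAT_RANK = {"very-low": 1, "low": 2, "moderate": 3, "high": 4, "very-high": 5}

# Constructed sample syslog (assumed layout; not from a real device).
SAMPLE_SYSLOG = """\
Jan 10 2024 10:00:01 asa1 %ASA-4-338001: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.1.45/6798 (203.0.113.5/7890) to outside:198.51.100.10/80 (198.51.100.10/80), destination 198.51.100.10 resolved from dynamic list: bad.example.com, threat-level: very-high, category: Malware
Jan 10 2024 10:00:05 asa1 %ASA-4-338005: Dynamic Filter dropped blacklisted TCP traffic from inside:10.1.1.45/6801 (203.0.113.5/7891) to outside:198.51.100.10/443 (198.51.100.10/443), destination 198.51.100.10 resolved from dynamic list: bad.example.com, threat-level: very-high, category: Malware
Jan 10 2024 10:01:30 asa1 %ASA-4-338201: Dynamic Filter monitored greylisted TCP traffic from inside:10.1.1.45/6810 (203.0.113.5/7892) to outside:198.51.100.22/8080 (198.51.100.22/8080), destination 198.51.100.22 resolved from dynamic list: shared-host.example.net, threat-level: high, category: Malware
Jan 10 2024 10:02:00 asa1 %ASA-4-338001: Dynamic Filter monitored blacklisted TCP traffic from inside:10.1.2.9/51000 (203.0.113.6/7893) to outside:198.51.100.30/6667 (198.51.100.30/6667), destination 198.51.100.30 resolved from dynamic list: c2.example.org, threat-level: moderate, category: Bot and Threat Networks
Jan 10 2024 10:03:15 asa1 %ASA-4-338005: Dynamic Filter dropped blacklisted TCP traffic from dmz:192.168.5.7/40022 (203.0.113.7/7894) to outside:198.51.100.30/6667 (198.51.100.30/6667), destination 198.51.100.30 resolved from dynamic list: c2.example.org, threat-level: high, category: Bot and Threat Networks
"""

# Assumed layout: timestamp, host, %ASA-<sev>-<id>, action, list, protocol,
# source iface:ip/port (nat), dest iface:ip/port (nat), ..., threat-level, category.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) \S+ %ASA-\d-(?P<msgid>\d{6}): "
    r"Dynamic Filter (?P<action>monitored|dropped) (?P<lst>blacklisted|greylisted|whitelisted) "
    r"(?P<proto>\w+) traffic from \S+?:(?P<src>[\d.]+)/\d+ \([\d./]+\) "
    r"to \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d./]+\).*?"
    r"threat-level: (?P<threat>[\w-]+), category: (?P<category>[\w ]+)$"
)


@dataclass
class HostRecord:
    """Per-source-host aggregate, the row an Infected Hosts report shows."""
    host: str
    connections: int = 0
    dropped: int = 0
    last_seen: datetime = datetime.min
    max_threat: int = 0
    sites: set = field(default_factory=set)   # malware site IPs contacted
    ports: set = field(default_factory=set)   # malware ports contacted


def parse_events(text):
    """Parse syslog text into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%b %d %Y %H:%M:%S")
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def statistics(events):
    """Mirror the Statistics pane: monitored vs dropped, and hits per list."""
    stats = Counter()
    for ev in events:
        stats[ev["action"]] += 1
        stats[ev["lst"]] += 1
    return dict(stats)


def build_host_table(events):
    """Correlate each source host with its sites, ports, and worst threat level."""
    hosts = {}
    for ev in events:
        rec = hosts.setdefault(ev["src"], HostRecord(ev["src"]))
        rec.connections += 1
        rec.dropped += ev["action"] == "dropped"
        rec.last_seen = max(rec.last_seen, ev["ts"])
        rec.max_threat = max(rec.max_threat, THREAT_RANK.get(ev["threat"], 0))
        rec.sites.add(ev["dst"])
        rec.ports.add(ev["dport"])
    return hosts


def infected_hosts(hosts, view="max-connections", subnet=None, limit=20):
    """Return up to `limit` HostRecords ordered like the chosen ASDM view.

    `subnet` (e.g. "10.1.0.0/16") restricts the result like the Subnet option.
    """
    recs = list(hosts.values())
    if subnet is not None:
        net = ipaddress.ip_network(subnet, strict=False)
        recs = [r for r in recs if ipaddress.ip_address(r.host) in net]
    keys = {
        "max-connections": lambda r: (r.connections, r.last_seen),
        "latest-activity": lambda r: (r.last_seen, r.connections),
        "highest-threat": lambda r: (r.max_threat, r.connections),
    }
    recs.sort(key=keys[view], reverse=True)
    return recs[:limit]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_SYSLOG)
    print("statistics:", statistics(evs))
    table = build_host_table(evs)
    for view in ("max-connections", "latest-activity", "highest-threat"):
        print(view, [(r.host, r.connections, r.max_threat) for r in infected_hosts(table, view)])
    print("subnet 10.1.0.0/16:", [r.host for r in infected_hosts(table, subnet="10.1.0.0/16")])
```

Unlike the ASDM panes, which report a bounded in-memory buffer on the appliance, a syslog-fed table keeps whatever retention your log server has, so it can answer "when did this host first talk to that site" long after the Whole Buffer has rolled over.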