Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
CHAPTER 51
Configuring Threat Detection
This chapter describes how to configure threat detection statistics and scanning threat detection and
includes the following sections:
• Information About Threat Detection
• Configuring Basic Threat Detection Statistics
• Configuring Advanced Threat Detection Statistics
• Configuring Scanning Threat Detection
Information About Threat Detection
The threat detection feature consists of the following elements:
• Different levels of statistics gathering for various threats.
Threat detection statistics can help you manage threats to your adaptive security appliance; for
example, if you enable scanning threat detection, then viewing statistics can help you analyze the
threat. You can configure two types of threat detection statistics:
– Basic threat detection statistics—Includes information about attack activity for the system as a
whole. Basic threat detection statistics are enabled by default and have no performance impact.
– Advanced threat detection statistics—Tracks activity at an object level, so the adaptive security
appliance can report activity for individual hosts, ports, protocols, or access lists. Advanced
threat detection statistics can have a major performance impact, depending on the statistics
gathered, so only the access list statistics are enabled by default.
• Scanning threat detection, which determines when a host is performing a scan.
You can optionally shun any hosts determined to be a scanning threat.
Configuring Basic Threat Detection Statistics
Basic threat detection statistics include activity that might be related to an attack, such as a DoS attack.
This section includes the following topics:
• Information About Basic Threat Detection Statistics
• Guidelines and Limitations
• Default Settings