51-6
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 51 Configuring Threat Detection
Configuring Advanced Threat Detection Statistics
Detailed Steps
Step 1 Choose the Configuration > Firewall > Threat Detection pane.
Step 2 In the Scanning Threat Statistics area, choose one of the following options:
• Enable all statistics—Click the Enable All Statistics radio button.
• Disable all statistics—Click the Disable All Statistics radio button.
• Enable only certain statistics—Click the Enable Only Following Statistics radio button.
Step 3 If you chose to Enable Only Following Statistics, then check one or more of the following check boxes:
• Hosts—Enables host statistics. The host statistics accumulate for as long as the host is active and in
the scanning threat host database. The host is deleted from the database (and the statistics cleared)
after 10 minutes of inactivity.
• Access Rules (enabled by default)—Enables statistics for access rules.
• Port—Enables statistics for TCP and UDP ports.
• Protocol—Enables statistics for non-TCP/UDP IP protocols.
• TCP-Intercept—Enables statistics for attacks intercepted by TCP Intercept (see the “Configuring
Connection Settings” section on page 48-8 to enable TCP Intercept).
Step 4 For host, port, and protocol statistics, you can change the number of rate intervals collected. In the Rate
Intervals area, choose 1 hour, 1 and 8 hours, or 1, 8 and 24 hours for each statistics type. The default
interval is 1 hour, which keeps the memory usage low.
Step 5 For TCP Intercept statistics, you can set the following options in the TCP Intercept Threat Detection
area:
• Monitoring Window Size—Sets the size of the history monitoring window, between 1 and 1440
minutes. The default is 30 minutes. The adaptive security appliance samples the number of attacks
30 times during the rate interval, so for the default 30 minute period, statistics are collected every
60 seconds.
• Burst Threshold Rate—Sets the threshold for syslog message generation, between 25 and
2147483647. The default is 400 per second. When the burst rate is exceeded, syslog message 733104
is generated.
• Average Threshold Rate—Sets the average rate threshold for syslog message generation, between
25 and 2147483647. The default is 200 per second. When the average rate is exceeded, syslog
message 733105 is generated.
Click Set Default to restore the default values.
Step 6 Click Apply.
To Next Page
Loading...
Need help?
General
