EasyManua.ls Logo

Cisco ASA 5508-X

Cisco ASA 5508-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
18-7
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 18 Threat Detection
Configure Threat Detection
The rate-interval keyword sets the size of the history monitoring window, between 1 and 1440 minutes.
The default is 30 minutes. During this interval, the ASA samples the number of attacks 30 times.
The burst-rate keyword sets the threshold for syslog message generation, between 25 and 2147483647.
The default is 400 per second. When the burst rate is exceeded, syslog message 733104 is generated.
The average-rate keyword sets the average rate threshold for syslog message generation, between 25
and 2147483647. The default is 200 per second. When the average rate is exceeded, syslog message
733105 is generated.
Note This command is available in multiple context mode, unlike the other threat-detection
commands.
Configure Scanning Threat Detection
You can configure scanning threat detection to identify attackers and optionally shun them.
Procedure
Step 1 Enable scanning threat detection.
threat-detection scanning-threat [shun [except {ip-address ip_address mask | object-group
network_object_group_id}]]
Example:
hostname(config)# threat-detection scanning-threat shun except ip-address 10.1.1.0
255.255.255.0
By default, the system log message 733101 is generated when a host is identified as an attacker. Enter
this command multiple times to identify multiple IP addresses or network object groups to exempt from
shunning.
Step 2 (Optional) Set the duration of the shun for attacking hosts.
threat-detection scanning-threat shun duration seconds
Example:
hostname(config)# threat-detection scanning-threat shun duration 2000
Step 3 (Optional) Change the default event limit for when the ASA identifies a host as an attacker or as a target.
threat-detection rate scanning-threat rate-interval rate_interval average-rate av_rate
burst-rate burst_rate
Example:
hostname(config)# threat-detection rate scanning-threat rate-interval 1200 average-rate 10
burst-rate 20
hostname(config)# threat-detection rate scanning-threat rate-interval 2400 average-rate 10
burst-rate 20

Table of Contents

Other manuals for Cisco ASA 5508-X

Related product manuals