18-5
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 18 Threat Detection
Configure Threat Detection
Procedure
Step 1 Configure Basic Threat Detection Statistics, page 18-5.
Basic threat detection statistics include activity that might be related to an attack, such as a DoS attack.
Step 2 Configure Advanced Threat Detection Statistics, page 18-5.
Step 3 Configure Scanning Threat Detection, page 18-7.
Configure Basic Threat Detection Statistics
Basic threat detection statistics is enabled by default. You can disabled it, or turn it on again if you
disable it.
Procedure
Step 1 Enable basic threat detection statistics (if you previously disabled it).
threat-detection basic-threat
Example:
hostname(config)# threat-detection basic-threat
Basic threat detection is enabled by default. Use no threat-detection basic-threat to disable it.
Step 2 (Optional) Change the default settings for one or more type of event.
threat-detection rate {acl-drop | bad-packet-drop | conn-limit-drop | dos-drop |
fw-drop | icmp-drop | inspect-drop | interface-drop | scanning-threat | syn-attack}
rate-interval rate_interval average-rate av_rate burst-rate burst_rate
Example:
hostname(config)# threat-detection rate dos-drop rate-interval 600 average-rate 60
burst-rate 100
For a description of each event type, see Basic Threat Detection Statistics, page 18-2.
When you use this command with the scanning-threat keyword, it is also used in the scanning threat
detection. If you do not configure basic threat detection, you can still use this command with the
scanning-threat keyword to configure the rate limits for scanning threat detection.
You can configure up to three different rate intervals for each event type.
Configure Advanced Threat Detection Statistics
You can configure the ASA to collect extensive statistics. By default, statistics for ACLs are enabled. To
enable other statistics, perform the following steps.
To Next Page
Loading...
Need help?
General
