Configuring Threat Detection
This chapter describes how to configure threat detection statistics and scanning threat detection and
includes the following sections:
• Information About Threat Detection, page 51-1
• Configuring Basic Threat Detection Statistics, page 51-1
• Configuring Advanced Threat Detection Statistics, page 51-5
• Configuring Scanning Threat Detection, page 51-8
Information About Threat Detection
The threat detection feature consists of the following elements:
• Different levels of statistics gathering for various threats.
  Threat detection statistics can help you manage threats to your adaptive security appliance; for
  example, if you enable scanning threat detection, then viewing statistics can help you analyze the
  threat. You can configure two types of threat detection statistics:
  – Basic threat detection statistics—Includes information about attack activity for the system as a
    whole. Basic threat detection statistics are enabled by default and have no performance impact.
  – Advanced threat detection statistics—Tracks activity at an object level, so the adaptive security
    appliance can report activity for individual hosts, ports, protocols, or access lists. Advanced
    threat detection statistics can have a major performance impact, depending on the statistics
    gathered, so only the access list statistics are enabled by default.
• Scanning threat detection, which determines when a host is performing a scan.
  You can optionally shun any hosts determined to be a scanning threat.
Configuring Basic Threat Detection Statistics
Basic threat detection statistics include activity that might be related to an attack, such as a DoS attack.
This section includes the following topics:
• Information About Basic Threat Detection Statistics, page 51-2
• Guidelines and Limitations, page 51-2
• Default Settings, page 51-3
OL-20339-01
Cisco ASA 5500 Series Configuration Guide using ASDM, Chapter 51