Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 60: Configuring Threat Detection
This chapter describes how to configure threat detection statistics and scanning threat detection and
includes the following sections:
• Information About Threat Detection
• Licensing Requirements for Threat Detection
• Configuring Basic Threat Detection Statistics
• Configuring Advanced Threat Detection Statistics
• Configuring Scanning Threat Detection
Information About Threat Detection
The threat detection feature consists of the following elements:
• Different levels of statistics gathering for various threats.
Threat detection statistics can help you manage threats to your ASA; for example, if you enable
scanning threat detection, then viewing statistics can help you analyze the threat. You can configure
two types of threat detection statistics:
– Basic threat detection statistics—Includes information about attack activity for the system as a
whole. Basic threat detection statistics are enabled by default and have no performance impact.
– Advanced threat detection statistics—Tracks activity at an object level, so the ASA can report
activity for individual hosts, ports, protocols, or access lists. Advanced threat detection statistics
can have a major performance impact, depending on the statistics gathered, so only the access
list statistics are enabled by default.
• Scanning threat detection, which determines when a host is performing a scan.
You can optionally shun any hosts determined to be a scanning threat.
Licensing Requirements for Threat Detection
The following table shows the licensing requirements for this feature:
Model         License Requirement
All models    Base License.