Cisco Asdm 7 User Guide

 
26-15
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 26      Configuring the Botnet Traffic Filter
  Monitoring the Botnet Traffic Filter
Botnet Traffic Filter Monitor Panes 
To monitor the Botnet Traffic Filter, see the following panes:
Command Purpose
Home > Firewall Dashboard Shows the Top Botnet Traffic Filter Hits, which shows reports of the top 
10 malware sites, ports, and infected hosts. This report is a snapshot of the 
data, and may not match the top 10 items since the...

 
26-16
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 26      Configuring the Botnet Traffic Filter
  Where to Go Next
Where to Go Next
To configure the syslog server, see Chapter 92, “Configuring Logging,” in the general operations 
configuration guide.
To block connections with an access rule, see Chapter 7, “Configuring Access Rules.”
Feature History for the Botnet Traffic Filter
Table 26-1 lists each feature change and the platform release in which it was implemented. ASDM is...

CH A P T E R
 
27-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
27
Configuring Threat Detection
This chapter describes how to configure threat detection statistics and scanning threat detection and 
includes the following sections:
Information About Threat Detection, page 27-1
Licensing Requirements for Threat Detection, page 27-1
Configuring Basic Threat Detection Statistics, page 27-2
Configuring Advanced Threat Detection Statistics, page 27-5
Configuring Scanning Threat Detection, page 27-8...

 
27-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 27      Configuring Threat Detection
  Configuring Basic Threat Detection Statistics
Configuring Basic Threat Detection Statistics
Basic threat detection statistics include activity that might be related to an attack, such as a DoS attack.
This section includes the following topics:
Information About Basic Threat Detection Statistics, page 27-2
Guidelines and Limitations, page 27-3
Default Settings, page 27-3
Configuring Basic Threat...

 
27-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 27      Configuring Threat Detection
  Configuring Basic Threat Detection Statistics
Guidelines and Limitations
This section includes the guidelines and limitations for this feature:
Security Context Guidelines
Supported in single mode only. Multiple mode is not supported.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
Types of Traffic Monitored
Only through-the-box traffic is monitored; to-the-box traffic is...

 
27-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 27      Configuring Threat Detection
  Configuring Basic Threat Detection Statistics
Configuring Basic Threat Detection Statistics
This section describes how to configure basic threat detection statistics, including enabling or disabling 
it and changing the default limits.
Detailed Steps
Step 1To enable or disable basic threat detection, choose the Configuration > Firewall > Threat Detection 
pane, and check the Enable Basic Threat...

 
27-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 27      Configuring Threat Detection
  Configuring Advanced Threat Detection Statistics
Feature History for Basic Threat Detection Statistics
Table 27-2 lists each feature change and the platform release in which it was implemented. ASDM is 
backwards-compatible with multiple platform releases, so the specific ASDM release in which support 
was added is not listed.
Configuring Advanced Threat Detection Statistics
You can configure the...

 
27-6
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 27      Configuring Threat Detection
  Configuring Advanced Threat Detection Statistics
Security Context Guidelines
Only TCP Intercept statistics are available in multiple mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
Types of Traffic Monitored
Only through-the-box traffic is monitored; to-the-box traffic is not included in threat detection.
Default Settings
By default, statistics for ACLs are...

 
27-7
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 27      Configuring Threat Detection
  Configuring Advanced Threat Detection Statistics
Burst Threshold Rate—Sets the threshold for syslog message generation, between 25 and 
2147483647. The default is 400 per second. When the burst rate is exceeded, syslog message 733104 
is generated.
Average Threshold Rate—Sets the average rate threshold for syslog message generation, between 
25 and 2147483647. The default is 200 per second. When the...

 
27-8
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 27      Configuring Threat Detection
  Configuring Scanning Threat Detection
Feature History for Advanced Threat Detection Statistics
Table 27-3 lists each feature change and the platform release in which it was implemented. ASDM is 
backwards-compatible with multiple platform releases, so the specific ASDM release in which support 
was added is not listed.
Configuring Scanning Threat Detection
This section includes the following...