Cisco ASA for Nexus 1000V Series Switch Troubleshooting Guide
ASA Threat Detection Functionality and Configuration
Document ID: 113685
Contributed by Michael Robertson, Cisco TAC Engineer.
Jul 06, 2015
Contents
Introduction
Threat Detection Functionality
Basic Threat Detection (System Level Rates)
Advanced Threat Detection (Object Level Statistics and Top N)
Scanning Threat Detection
Limitations
Configuration
Basic Threat Detection
Advanced Threat Detection
Scanning Threat Detection
Performance
Recommended Actions
When a Basic Drop Rate is Exceeded and %ASA-4-733100 is Generated
When a Scanning Threat is Detected and %ASA-4-733101 is Logged
When an Attacker is Shunned and %ASA-4-733102 is Logged
When %ASA-4-733104 and/or %ASA-4-733105 is Logged
How To Manually Trigger a Threat
Basic Threat - ACL Drop, Firewall, and Scanning
Advanced Threat - TCP Intercept
Scanning Threat
Related Information
Introduction
This document describes the functionality and basic configuration of the Threat Detection feature of the Cisco
Adaptive Security Appliance (ASA). Threat Detection provides firewall administrators with the necessary
tools to identify, understand, and stop attacks before they reach the internal network infrastructure. In order to
do so, the feature relies on a number of different triggers and statistics, which are described in further detail in
these sections.
Threat Detection can be used on any ASA firewall that runs a software version of 8.0(2) or later. Although
threat detection is not a substitute for a dedicated IDS/IPS solution, it can be used in environments where an
IPS is not available to provide an added layer of protection to the core functionality of ASA.
Threat Detection Functionality
The threat detection feature has three main components:
1. Basic Threat Detection
2. Advanced Threat Detection
3. Scanning Threat Detection