Cisco ASA Series 6: Configuring Threat Detection-Advanced
Cisco ASA Series 6: Configuring Threat Detection-Advanced
Cisco ASA is a security appliance that incorporates a firewall, antivirus software, intrusion detection, and a virtual private network (VPN). It allows for proactive threat defense, preventing attacks from propagating over the network.
 |
| Fig 1.1- Configuring Threat Detection-Advanced |
⭐Check out the basic Threat Detection discussion in our first part
Cisco ASA Series 5: Configuring Threat Detection
⭐ Cisco ASA's Advanced Threat Detection 🔐
For specific objects like hosts, ports, protocols, or ACLs, advanced threat detection statistics display both allowed and dropped traffic rates. As such, it provides a finer level of control over threat monitoring. Only ACL statistics are used by default when enabling Advanced Threat Detection.
The device's performance may be impacted by the kind of statistics that are enabled. The host command for threat-detection statistics has a notable impact on performance; if your traffic load is heavy, you may want to temporarily enable this kind of data. However, there is not much of an influence from the "threat-detection statistics port" command.
Threat Detection records the quantity of packets, bytes, and drops that each host, port, and protocol object sends and receives during a certain time interval. Threat Detection monitors the top 10 ACEs (permit and deny) that experienced the greatest number of hits in a certain amount of time.
Advanced Threat Detection is just informative, much as Basic Threat Detection. The statistics from Advanced Threat Detection are used to determine whether or not to restrict traffic.
⭐ CLI Command configuration 📜
NDNA_CiscoASA(config)# threat-detection statistics { access-list|host|port|protocol|tcp-intercept}
- Access-list: Activates ACL statistics (activated by default).
- Host number-of-rate {1|2|3}: Allow statistics to be collected for the host with the given number-of-rate interval. The number of rate intervals that host statistics are preserved at is determined by the number-of-rate keyword. Because there are one rate interval by default, there is less memory use. Put the number to two or three to see additional rate intervals. For instance, you may display data for the last one, eight, and twenty-four hours if you set the value to 3. Only the data for the smallest rate interval are kept if you set this keyword to 1, which is the default. NOTICE: The "host" monitoring might impact how well ASA performs.
- Port number-of-rate {1|2|3}: Allow TCP and UDP port statistics. Refer to the description above for the term "number-of-rate."
- Enable statistics for IP protocols other than TCP/UDP with protocol number-of-rate {1|2|3}.
- tcp-intercept: Enables statistics for TCP intercepted assaults.
Continue Reading...
- Security: Cisco ASA Vs Cisco FTD - The Network DNA
- Site-to-Site VPN: IPSEC Tunnel Between an ASA and a Cisco IOS Router
- Cisco Security: Cisco ASA 5505 Interfaces configuration for Access Ports
- Cisco Security: Cisco ASA 5505 Interfaces configuration for Trunk Port
- Cisco ASA Series 1: Restoring the ASA to Factory Default Configuration
- Cisco ASA Series 2: Configuring NAT
- Cisco ASA Series 3: Easy VPN Remote
- Cisco ASA Series 4: Configuring VLANs and Sub interfaces
- Cisco ASA Series 5: Configuring Threat Detection
- Site to Site IPSec VPN Tunnel between Cisco ASA and Palo Alto Firewalls
