Hey all, I have enabled basic threat detection, and also enabled auto shun in hopes of speeding up our web server. Using the CLI I have found 2 in the latest attack host list and 1 in the latest target host list, but nothing in the shun list. I understand that the shun list is enabled once some thresholds are exceeded, but I've got nothing shunned yet. And my possible scan and SYN attack rates are always fluctuating from 1 - 25. Is there something I've missed?
Yes, that chart will include all attackers since these are based on the statistics calculated by threat-detection. Once the attackers are established and known, it will decide whether or not to shun them based on whether or not you explicitly exempt them.
If you remove the exempt portion of the threat-detection command, you should see that the attacker is then shunned.
Hope that helps.