Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
549
Views
5
Helpful
1
Replies

ASA threat-detection details

mark.j.hodge
Level 3
Level 3

‎07-20-2009 02:46 AM - edited ‎03-11-2019 08:56 AM

I have basic threat detection turned on on a 5520 running 8.0(4) software. This is showing a number of "scanning" attacks. From the "sh threat-detection scanning-threat" command I can see the Targets and Attackers, but I would like more details. In particular I would like to know,

A - The targets attacked by a specific device.

B - The activity an attacker performed to put it on the list, i.e. port scan or IP scan.

Is this possible?

Labels:
0 Helpful
1 Reply 1

robertson.michael
Level 3
Level 3

‎07-23-2009 09:49 AM

Hi Mark,

Try 'show threat-detection statistics top tcp-intercept'. That may give you at least some of the information you're looking for.

'show threat-detection statistics top' Command Reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s7.html#wp1259987

Hope that helps.

-Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card