Ok, I've read all the man pages and other discussions on this, so please don't just quote those back to me. I know this is an aggregation of the various drop types and that there is no "set" value that you should set your thresholds at. What I want to know is whether there is a way to tell what is triggering this message, ie: exactly what broke the threshold, something like source-IP or what ACL line is causing it?
If not, if this is simply a message that is going to be generated but you can't pull some specific information as to what generated the message, and thus tell whether its something you should take action on or ignore, is there a way to disable it all-together? I already have the "Enable scanning threat detection" box un-checked, so that's not it!
Hey Cisco, if you're going to generate these messages, I'm sure there are >tons< of us who would like to know exactly what they mean, how to interpret them and what to do about them in more detail. Your documentation is severely lacking!!