Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ASA threat-detection details

I have basic threat detection turned on on a 5520 running 8.0(4) software. This is showing a number of "scanning" attacks. From the "sh threat-detection scanning-threat" command I can see the Targets and Attackers, but I would like more details. In particular I would like to know,

A - The targets attacked by a specific device.

B - The activity an attacker performed to put it on the list, i.e. port scan or IP scan.

Is this possible?

1 REPLY

Re: ASA threat-detection details

Hi Mark,

Try 'show threat-detection statistics top tcp-intercept'. That may give you at least some of the information you're looking for.

'show threat-detection statistics top' Command Reference:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s7.html#wp1259987

Hope that helps.

-Mike

373
Views
5
Helpful
1
Replies