56-18
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter56 Configuring Threat Detection
Configuring Scanning Threat Detection
Examples
The following is sample output from the show threat-detection shun command:
hostname# show threat-detection shun
Shunned Host List:
10.1.1.6
192.168.6.7
To release the host at 10.1.1.6, enter the following command:
hostname# clear threat-detection shun 10.1.1.6
The following is sample output from the show threat-detection scanning-threat attacker command:
hostname# show threat-detection scanning-threat attacker
10.1.2.3
10.8.3.6
209.165.200.225
Feature History for Scanning Threat Detection
Table56-6 lists each feature change and the platform release in which it was implemented.
clear threat-detection shun [ip_address
[mask]]
Releases a host from being shunned. If you do not
specify an IP address, all hosts are cleared from
the shun list.
show threat-detection scanning-threat
[attacker | target]
Displays hosts that the ASA decides are attackers
(including hosts on the shun list), and displays the
hosts that are the target of an attack. If you do not
enter an option, both attackers and target hosts are
displayed.
Command Purpose
Table56-6 Feature History for Scanning Threat Detection
Feature Name
Platform
Releases Feature Information
Scanning threat detection 8.0(2) Scanning threat detection was introduced.
The following commands were introduced:
threat-detection scanning-threat, threat-detection rate
scanning-threat, show threat-detection scanning-threat,
show threat-detection shun, clear threat-detection shun.
Shun duration 8.0(4)/8.1(2) You can now set the shun duration,
The following command was introduced: threat-detection
scanning-threat shun duration.