Cisco Systems and the ASA Services Module Using the show threat-detection rate acl-drop command

Models: ASA 5555-X and the ASA Services Module ASA 5545-X ASA 5585-X ASA 5580 ASA 5505


Chapter 27 Configuring Threat Detection

Configuring Advanced Threat Detection Statistics

To monitor advanced threat detection statistics, perform one of the following tasks:

Command: show threat-detection statistics [min-display-rate min_display_rate] top [[access-list | host | port-protocol] [rate-1 | rate-2 | rate-3] | tcp-intercept [all] detail]

Purpose: Displays the top 10 statistics. The min-display-rate min_display_rate argument limits the display to statistics that exceed the minimum display rate in events per second. You can set the min_display_rate between 0 and 2147483647.

If you do not enter any options, the top 10 statistics are shown for all categories.

To view the top 10 ACEs that match packets, including both permit and deny ACEs, use the access-list keyword. Permitted and denied traffic are not differentiated in this display. If you enable basic threat detection using the threat-detection basic-threat command, you can track ACL denies using the show threat-detection rate acl-drop command.

To view only host statistics, use the host keyword. Note: Due to the threat detection algorithm, an interface used as a combination failover and state link could appear in the top 10 hosts; this is expected behavior, and you can ignore this IP address in the display.

To view statistics for ports and protocols, use the port-protocol keyword. The port-protocol keyword shows statistics for both ports and protocols (both must be enabled for the display), and shows the combined statistics of TCP/UDP port and IP protocol types. TCP (protocol 6) and UDP (protocol 17) are not included in the display for IP protocols; TCP and UDP ports are, however, included in the display for ports. If you only enable statistics for one of these types, port or protocol, then you will only view the enabled statistics.

To view TCP Intercept statistics, use the tcp-intercept keyword. The display includes the top 10 protected servers under attack. The all keyword shows the history data of all the traced servers. The detail keyword shows history sampling data. The ASA samples the number of attacks 30 times during the rate interval, so for the default 30 minute period, statistics are collected every 60 seconds.

The rate-1 keyword shows the statistics for the smallest fixed rate interval available in the display; rate-2 shows the next largest rate interval; and rate-3, if you have three intervals defined, shows the largest rate interval. For example, the display shows statistics for the last 1 hour, 8 hours, and 24 hours. If you set the rate-1 keyword, the ASA shows only the 1 hour time interval.

Command: show threat-detection statistics [min-display-rate min_display_rate] host [ip_address [mask]]

Purpose: Displays statistics for all hosts or for a specific host or subnet.

Command: show threat-detection statistics [min-display-rate min_display_rate] port [start_port[-end_port]]

Purpose: Displays statistics for all ports or for a specific port or range of ports.
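As an added example (not Cisco code or device output), the Python below builds the command forms in this table for use from a monitoring script and enforces the constraints the table states: the min_display_rate bounds, the tcp-intercept branch as an alternative to the category/rate-N branch, rate-N only where that many rate intervals are defined, and the 30-sample history period. The default interval list and the sample values are assumed placeholders, not values read from a device.

```python
from typing import Optional, Sequence

MIN_RATE_MAX = 2147483647  # largest min_display_rate value the guide allows

def _prefix(min_display_rate: Optional[int]) -> list:
    """Shared 'show threat-detection statistics [min-display-rate N]' prefix."""
    parts = ["show", "threat-detection", "statistics"]
    if min_display_rate is not None:
        if not 0 <= min_display_rate <= MIN_RATE_MAX:
            raise ValueError("min_display_rate must be between 0 and 2147483647")
        parts += ["min-display-rate", str(min_display_rate)]
    return parts

def top_cmd(category: Optional[str] = None, rate: Optional[int] = None,
            tcp_intercept: bool = False, all_servers: bool = False,
            detail: bool = False, min_display_rate: Optional[int] = None,
            intervals: Sequence[str] = ("1h", "8h", "24h")) -> str:
    """Build the '... top' form; intervals = configured rate intervals, smallest first (constructed default)."""
    parts = _prefix(min_display_rate) + ["top"]
    if tcp_intercept:  # tcp-intercept is an alternative to the category/rate-N branch
        if category is not None or rate is not None:
            raise ValueError("tcp-intercept cannot be combined with a category or rate-N")
        parts.append("tcp-intercept")
        parts += ["all"] if all_servers else []
        parts += ["detail"] if detail else []
        return " ".join(parts)
    if category is not None:
        if category not in ("access-list", "host", "port-protocol"):
            raise ValueError("category must be access-list, host or port-protocol")
        parts.append(category)
    if rate is not None:  # rate-N is only meaningful if N intervals are defined
        if not 1 <= rate <= min(3, len(intervals)):
            raise ValueError(f"rate-{rate}: only {len(intervals)} rate interval(s) defined")
        parts.append(f"rate-{rate}")
    return " ".join(parts)

def port_cmd(start: Optional[int] = None, end: Optional[int] = None,
             min_display_rate: Optional[int] = None) -> str:
    """Build the '... port [start_port[-end_port]]' form."""
    parts = _prefix(min_display_rate) + ["port"]
    if start is not None:
        if end is not None and end < start:
            raise ValueError("end_port must not be lower than start_port")
        parts.append(str(start) if end is None else f"{start}-{end}")
    return " ".join(parts)

def sample_period_seconds(rate_interval_minutes: int = 30, samples: int = 30) -> int:
    """Seconds between the history samples that 'tcp-intercept detail' shows."""
    return rate_interval_minutes * 60 // samples
```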

Cisco ASA Series Firewall CLI Configuration Guide

27-11


ASA 5555-X, the ASA Services Module, ASA 5545-X, ASA 5585-X and ASA 5580 specifications

Cisco Systems has long been a leader in the field of network security, and its Adaptive Security Appliance (ASA) series is a testament to this expertise. Within the ASA lineup, models such as the ASA 5505, ASA 5580, ASA 5585-X, ASA 5545-X, and ASA 5555-X stand out for their unique features, capabilities, and technological advancements.

The Cisco ASA 5505 is designed for small businesses or branch offices. It provides essential security features such as firewall protection, flexible VPN capabilities, and intrusion prevention. The ASA 5505 supports a user-friendly interface, allowing for straightforward management. Its built-in threat detection and prevention tools provide a layered defense, and with scalability in mind, it can accommodate various expansion options as organizational needs grow.

Moving up the line, the ASA 5580 delivers greater throughput and advanced security features. This model is suited for medium to large enterprises that require robust protection against increasingly sophisticated threats. Its multi-core architecture allows it to manage high volumes of traffic seamlessly while maintaining excellent performance levels. The ASA 5580 also supports application-layer security and customizable access policies, making it highly adaptable to diverse security environments.

The ASA 5585-X further enhances Cisco's security offerings with advanced malware protection and extensive security intelligence capabilities. It incorporates next-generation firewall features, including context-aware security, and supports advanced threat detection technologies. This model is ideal for large enterprises or data centers that prioritize security while ensuring uninterrupted network performance and availability.

For enterprises requiring a balance of performance and security, the ASA 5545-X presents a compelling option. This model features scalable performance metrics, high availability, and integrated advanced threat protection. Coupled with advanced endpoint protection and detailed monitoring capabilities, the ASA 5545-X enables organizations to manage their security posture effectively.

Lastly, the ASA 5555-X blends cutting-edge technologies with strong security infrastructures. It boasts high throughput and the ability to execute deep packet inspections. Its sophisticated architecture supports threat intelligence feeds that provide real-time security updates, making it a powerful tool against modern threats.

Each of these Cisco ASA models brings specific advantages to varied environments. Their integrative capabilities enable businesses to enhance their security postures while benefiting from seamless scalability and management. As cybersecurity threats evolve, these advanced appliances play a vital role in protecting valuable digital assets.