19-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 19 Managing Firewall Botnet Traffic Filter Rules
To specify the traffic that you want to monitor, click Select to the right of the ACL field to select
an Access Control List object that identifies the traffic that you want to monitor. For example,
you might want to monitor all port 80 traffic on the outside interface. For more information
about Access Control List objects, see Creating Access Control List Objects, page 6-49.
d. In the Threat Level area, choose one of the following options to drop traffic with specific threat levels.
The default level is a range between Moderate and Very High.
Note We highly recommend using the default setting unless you have strong reasons for changing
the setting.
Value—Specify the threat level you want to drop.
Range—Specify a range of threat levels.
Note Static blacklist entries are always designated with a Very High threat level.
e. Click OK.
The BTF Drop Rules Editor closes and the rule is added to the Drop Rules table.
Step 4 To add more rules, repeat steps 2 and 3, as required. When finished adding rules, click Save to save your
changes.
Step 5 To treat graylisted traffic as blacklisted traffic for action purposes, on the Dynamic Blacklist
Configuration tab, check the Treat Ambiguous traffic as Blacklist check box.
If you do not enable this option, graylisted traffic will not be dropped even if you configure a drop rule for
that traffic.
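An added example, not part of the Cisco guide: a Python check that audits an ASA running configuration for the drop-rule settings described in the steps above (threat-level range, the Very High level of static blacklist entries, and the graylist option). It assumes the ASA CLI form of these settings, `dynamic-filter drop blacklist ... threat-level ...` and `dynamic-filter ambiguous-is-black`; the sample configuration and the ACL name BTF_HTTP are constructed.

```python
import re

# Threat levels in ascending order, as named in the ASA CLI (assumed form).
LEVELS = ["very-low", "low", "moderate", "high", "very-high"]
DEFAULT = ("moderate", "very-high")  # default drop range stated in the guide
DROP_RE = re.compile(
    r"^dynamic-filter drop blacklist"
    r"(?: interface (?P<ifc>\S+))?"
    r"(?: action-classify-list (?P<acl>\S+))?"
    r"(?: threat-level (?:eq (?P<eq>\S+)|range (?P<lo>\S+) (?P<hi>\S+)))?\s*$"
)

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
dynamic-filter enable interface outside
dynamic-filter drop blacklist interface outside action-classify-list BTF_HTTP threat-level range moderate high
dynamic-filter drop blacklist interface dmz
"""

def audit_btf_drop(config: str) -> list[str]:
    """Return findings for Botnet Traffic Filter drop rules in an ASA config."""
    findings, rules = [], 0
    lines = [ln.strip() for ln in config.splitlines()]
    for ln in lines:
        m = DROP_RE.match(ln)
        if not m:
            continue
        rules += 1
        lo = m["eq"] or m["lo"] or DEFAULT[0]  # no threat-level keyword: default range
        hi = m["eq"] or m["hi"] or DEFAULT[1]
        where = m["ifc"] or "all interfaces"
        if lo not in LEVELS or hi not in LEVELS:
            findings.append(f"{where}: unrecognized threat level in '{ln}'")
            continue
        if LEVELS.index(hi) < LEVELS.index("very-high"):
            findings.append(f"{where}: range stops at {hi}; static blacklist "
                            "entries (always very-high) are not dropped")
        if LEVELS.index(lo) > LEVELS.index(DEFAULT[0]):
            findings.append(f"{where}: range starts at {lo}, above the default moderate")
    if rules and "dynamic-filter ambiguous-is-black" not in lines:
        findings.append("graylisted traffic is not dropped: 'dynamic-filter ambiguous-is-black' is absent")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_btf_drop(SAMPLE)))
```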
Botnet Traffic Filter Rules Page
You can use the Botnet Traffic Filter Rules page to define rules for identifying malicious traffic passing
through your ASA security device.
The Botnet Traffic Filter Rules page is divided into three sections:
Dynamic Blacklist Configuration Tab, page 19-10
Traffic Classification Tab, page 19-11
Whitelist/Blacklist Tab, page 19-14
Navigation Path
To access the Botnet Traffic Filter Rules page, do one of the following:
(Device view) Select a device, then select Firewall > Botnet Traffic Filter Rules from the Policy
selector.
(Policy view) Select Firewall > Botnet Traffic Filter Rules from the Policy Type selector. Select
an existing policy or create a new one.
(Map view) Right-click a device and select Edit Firewall Policies > Botnet Traffic Filter Rules.