10-19-2016 10:33 PM - edited 03-12-2019 01:25 AM
Hello,
In the log I also see the IP is already listed in the shun database like.
10-20-2016 06:14 PM
Hi Machi,
If you have CLI access, you can check a few commands which will tell you about this:
show threat-detection shun --> Displays the hosts that are currently shunned.
If you want to read more about it and a few more commands, that can be checked at:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/protect_threat.html#wp1072953
-
Pulkit
10-23-2016 09:12 PM
Hello Pulkit,
It looks like it could not provide me full details. I can check via
# show threat-detection scanning-threat | grep 111.222.333.444
111.222.333.444 (outside)
But it cannot let me know the detailed reason why it is listed in the shun list.
Currently I need to search back through syslog; for example, the reason is %201013 or %313005. That is what I want to have a quick result for.
10-24-2016 06:51 AM
Machi,
The kind of details that you are looking for can be seen in syslogs only,
as shun-related commands only give the IP addresses and counters.
-
Pulkit
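
Since the reason only appears in syslog, the lookup can be scripted. This is an added example, not code from anyone in the thread: it counts, per shunned address, which syslog message IDs (such as the 201013 and 313005 mentioned above) mention it. The function names and the sample log lines are constructed for illustration, and it assumes the lines carry the usual `%ASA-<severity>-<message id>:` tag.

```python
import re
from collections import defaultdict

# ASA syslog tag "%ASA-<severity>-<message id>:"; 201013 and 313005 are message IDs.
ASA_TAG = re.compile(r"%ASA-(\d)-(\d{6}):\s*")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample lines (documentation addresses, shortened message text).
SAMPLE_LOG = """\
Oct 23 2016 21:01:10 fw1 : %ASA-3-201013: Per-client connection limit exceeded 100/100 for input packet from 203.0.113.10/4431 to 192.0.2.5/80 on interface outside
Oct 23 2016 21:01:11 fw1 : %ASA-3-201013: Per-client connection limit exceeded 100/100 for input packet from 203.0.113.10/4432 to 192.0.2.5/80 on interface outside
Oct 23 2016 21:01:12 fw1 : %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:203.0.113.10 dst inside:192.0.2.5 (type 3, code 3)
Oct 23 2016 21:01:13 fw1 : %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:198.51.100.7 dst inside:192.0.2.5 (type 3, code 3)
Oct 23 2016 21:01:14 fw1 : periodic health check ok for 203.0.113.10
""".splitlines()


def shun_reasons(log_lines, shunned_ips):
    """Map each shunned IP to {message_id: [count, first matching message text]}."""
    wanted = set(shunned_ips)
    reasons = defaultdict(dict)
    for line in log_lines:
        tag = ASA_TAG.search(line)
        if tag is None:
            continue  # not an ASA message, nothing to attribute
        body = line[tag.end():]  # drop the header so the sending device's address is ignored
        for ip in wanted.intersection(IPV4.findall(body)):
            entry = reasons[ip].setdefault(tag.group(2), [0, body])
            entry[0] += 1
    return dict(reasons)


def report(reasons):
    """Render one line per (IP, message ID), most frequent ID first."""
    out = []
    for ip in sorted(reasons):
        for msg_id, (count, text) in sorted(reasons[ip].items(), key=lambda kv: -kv[1][0]):
            out.append(f"{ip}  {msg_id}  x{count}  {text}")
    return out


if __name__ == "__main__":
    # The shunned hosts would be copied from "show threat-detection shun".
    print("\n".join(report(shun_reasons(SAMPLE_LOG, ["203.0.113.10"]))))
```

The counts show which messages were logged for the address, not which one triggered the shun; the first message text kept per ID gives the context to judge that.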