| NOTE: When operating the ASA in multi-context mode with a separate IDPS, threat detection cannot be enabled, and this check is Not Applicable. |
Review the ASA configuration to determine if scanning threat detection has been enabled.
threat-detection scanning-threat shun
NOTE: The parameter 'shun' is an optional parameter, and not required, but can offer additional protection by dropping further connections from the threat.
If the ASA has not been configured to enable scanning threat detection, this is a finding.