We have the Cisco ASA 5520 as a client's firewall. This firewall also has the Cisco SSM-20 as the inline IPS module.
I would like to know how to identify botnet/malicious traffic on the firewall. I do not wish to purchase the botnet filter yet. I would need to make the case for it and therefore need to id the traffic.
Any and all help is appreciated.