Cisco Clear Logs

Aug 12, 2024 · attack.defense-evasion attack.t1070.003 ·

Clear command history in network OS which is used for defense evasion

Sigma rule (View on GitHub)

 1title: Cisco Clear Logs
 2id: ceb407f6-8277-439b-951f-e4210e3ed956
 3status: test
 4description: Clear command history in network OS which is used for defense evasion
 5references:
 6    - https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/command/reference/sysmgmt/n5k-sysmgmt-cr/n5k-sm_cmds_c.html
 7    - https://www.cisco.com/c/en/us/td/docs/ios/12_2sr/12_2sra/feature/guide/srmgtint.html#wp1127609
 8author: Austin Clark
 9date: 2019-08-12
10modified: 2023-05-26
11tags:
12    - attack.defense-evasion
13    - attack.t1070.003
14logsource:
15    product: cisco
16    service: aaa
17detection:
18    keywords:
19        - 'clear logging'
20        - 'clear archive'
21    condition: keywords
22falsepositives:
23    - Legitimate administrators may run these commands
24level: high

References

Cisco Nexus 5000 Series NX-OS System Management Command Reference - C Commands [Cisco Nexus 5000 Series Switches]

C Commands

Read More
Configuration Logger Persistency

Configuration Logger Persistency

Read More

Cisco Clear Logs

Sigma rule (View on GitHub)

References

Cisco Nexus 5000 Series NX-OS System Management Command Reference - C Commands [Cisco Nexus 5000 Series Switches]

Configuration Logger Persistency

Related rules