Cisco Clear Logs

 1title: Cisco Clear Logs
 2id: ceb407f6-8277-439b-951f-e4210e3ed956
 3status: test
 4description: Clear command history in network OS which is used for defense evasion
 5references:
 6    - https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/command/reference/sysmgmt/n5k-sysmgmt-cr/n5k-sm_cmds_c.html
 7    - https://www.cisco.com/c/en/us/td/docs/ios/12_2sr/12_2sra/feature/guide/srmgtint.html#wp1127609
 8author: Austin Clark
 9date: 2019/08/12
10modified: 2023/05/26
11tags:
12    - attack.defense_evasion
13    - attack.t1070.003
14logsource:
15    product: cisco
16    service: aaa
17detection:
18    keywords:
19        - 'clear logging'
20        - 'clear archive'
21    condition: keywords
22falsepositives:
23    - Legitimate administrators may run these commands
24level: high

References

• Cisco Nexus 5000 Series NX-OS System Management Command Reference - C Commands [Cisco Nexus 5000 Series Switches]

  C Commands

  
  Read More

• Configuration Logger Persistency

  

  Configuration Logger Persistency

  
  Read More

Related rules

• Disable Powershell Command History
• Suspicious IO.FileStream
• Clearing Windows Console History
• AWS Config Disabling Channel/Recorder
• Bitsadmin to Uncommon IP Server Address