Cisco Collect Data

 1title: Cisco Collect Data
 2id: cd072b25-a418-4f98-8ebc-5093fb38fe1a
 3status: test
 4description: Collect pertinent data from the configuration files
 5references:
 6    - https://blog.router-switch.com/2013/11/show-running-config/
 7    - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/show_startup-config.htm
 8    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-diff.html
 9author: Austin Clark
10date: 2019-08-11
11modified: 2023-01-04
12tags:
13    - attack.discovery
14    - attack.credential-access
15    - attack.collection
16    - attack.t1087.001
17    - attack.t1552.001
18    - attack.t1005
19logsource:
20    product: cisco
21    service: aaa
22detection:
23    keywords:
24        - 'show running-config'
25        - 'show startup-config'
26        - 'show archive config'
27        - 'more'
28    condition: keywords
29falsepositives:
30    - Commonly run by administrators
31level: low

References

• https://blog.router-switch.com/2013/11/show-running-config/

  
  Read More

• Command Reference

  With CIM Cisco Internetworking Basics, you can gain a practical understanding of the fundamental technologies, principles, and protocols used in routing. From an introduction to internetworking and the protocols used in routing, local area network switching and wide area network access, you'll learn the Cisco IOS® Software commands related to various fundamental areas of networking. You'll gain hands on experience by engaging in exercises teaching you the Cisco IOS® command-line interface (CLI), which is used to configure and manage Cisco routers.

  
  Read More

• Managing Configuration Files Configuration Guide, Cisco IOS Release 15SY - Contextual Configuration Diff Utility [Cisco IOS 15.2SY]

  Managing Configuration Files Configuration Guide, Cisco IOS Release 15SY-Contextual Configuration Diff Utility

  
  Read More

Related rules

• Automated Collection Command Prompt
• SQLite Chromium Profile Data DB Access
• SQLite Firefox Profile Data DB Access
• AADInternals PowerShell Cmdlets Execution - ProccessCreation
• AADInternals PowerShell Cmdlets Execution - PsScript