Cisco Disabling Logging
Turn off logging locally or remote
Sigma rule (View on GitHub)
title: Cisco Disabling Logging
id: 9e8f6035-88bf-4a63-96b6-b17c0508257e
status: test
description: Turn off logging locally or remote
references:
    - https://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a2.pdf
author: Austin Clark
date: 2019-08-11
modified: 2023-01-04
tags:
    - attack.defense-evasion
    - attack.t1562.001
logsource:
    product: cisco
    service: aaa
detection:
    keywords:
        - 'no logging'
        - 'no aaa new-model'
    condition: keywords
fields:
    - src
    - CmdSet
    - User
    - Privilege_Level
    - Remote_Address
falsepositives:
    - Unknown
level: high
Related rules
- AMSI Bypass Pattern Assembly GetType
- AWS CloudTrail Important Change
- AWS Config Disabling Channel/Recorder
- AWS GuardDuty Important Change
- Add SafeBoot Keys Via Reg Utility