Cisco Discovery
Find information about network devices that is not stored in config files
Sigma rule

```yaml
title: Cisco Discovery
id: 9705a6a1-6db6-4a16-a987-15b7151e299b
status: test
description: Find information about network devices that is not stored in config files
references:
  - https://www.cisco.com/c/en/us/td/docs/server_nw_virtual/2-5_release/command_reference/show.html
author: Austin Clark
date: 2019-08-12
modified: 2023-01-04
tags:
  - attack.discovery
  - attack.t1083
  - attack.t1201
  - attack.t1057
  - attack.t1018
  - attack.t1082
  - attack.t1016
  - attack.t1049
  - attack.t1033
  - attack.t1124
logsource:
  product: cisco
  service: aaa
detection:
  keywords:
    - 'dir'
    - 'show arp'
    - 'show cdp'
    - 'show clock'
    - 'show ip interface'
    - 'show ip route'
    - 'show ip sockets'
    - 'show processes'
    - 'show ssh'
    - 'show users'
    - 'show version'
  condition: keywords
falsepositives:
  - Commonly used by administrators for troubleshooting
level: low
```
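The rule above uses a Sigma `keywords` block, which matches each string case-insensitively as a substring of the whole event and treats `*` and `?` as wildcards. The following is an added Python example (not part of the Sigma project or of this rule) that applies that matching logic to a handful of constructed Cisco AAA command-accounting lines; the log format (`user=... cmd=...`) is an assumption made for illustration, not a documented Cisco syslog layout. It also shows why the bare `dir` keyword is the noisiest entry: as a substring it fires on any command text containing "dir", such as "redirect".

```python
import re
from typing import List, Tuple

# Keyword list copied from the Sigma rule above.
SIGMA_KEYWORDS = [
    "dir", "show arp", "show cdp", "show clock", "show ip interface",
    "show ip route", "show ip sockets", "show processes", "show ssh",
    "show users", "show version",
]


def keyword_to_regex(keyword: str) -> re.Pattern:
    """Translate one Sigma keyword into a compiled regex.

    Sigma keywords are matched case-insensitively anywhere in the event;
    '*' and '?' are wildcards, every other character is literal.
    """
    pieces = []
    for token in re.split(r"([*?])", keyword):
        if token == "*":
            pieces.append(".*")
        elif token == "?":
            pieces.append(".")
        else:
            pieces.append(re.escape(token))
    return re.compile("".join(pieces), re.IGNORECASE | re.DOTALL)


COMPILED = [(kw, keyword_to_regex(kw)) for kw in SIGMA_KEYWORDS]


def matching_keywords(event: str) -> List[str]:
    """Return every rule keyword that occurs in the event (rule order)."""
    return [kw for kw, rx in COMPILED if rx.search(event)]


def is_alert(event: str) -> bool:
    """condition: keywords  ->  the event alerts if any keyword matches."""
    return bool(matching_keywords(event))


def run_rule(events: List[str]) -> List[Tuple[str, List[str]]]:
    """Evaluate the rule over a batch of events; return (event, hits) for alerts."""
    results = []
    for event in events:
        hits = matching_keywords(event)
        if hits:
            results.append((event, hits))
    return results


# Constructed sample events in an assumed 'user=... cmd=...' accounting layout.
SAMPLE_EVENTS = [
    "Aug 12 10:01:05 rtr1 tacacs: user=netops cmd=show version",
    "Aug 12 10:01:09 rtr1 tacacs: user=netops cmd=SHOW IP ROUTE",
    "Aug 12 10:02:00 rtr1 tacacs: user=netops cmd=show running-config",
    "Aug 12 10:02:30 rtr1 tacacs: user=netops cmd=show running-config | include redirect",
]

if __name__ == "__main__":
    for event, hits in run_rule(SAMPLE_EVENTS):
        print(f"ALERT {hits}: {event}")
```

Running the block flags the first, second and fourth sample lines; the fourth alerts only because "redirect" contains "dir", which is the kind of benign hit the rule's `falsepositives` entry is warning about. A deployment that wants fewer such hits can anchor `dir` to the command boundary in its own fork of the rule, at the cost of diverging from the upstream keyword list.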
References
- https://www.cisco.com/c/en/us/td/docs/server_nw_virtual/2-5_release/command_reference/show.html
Related rules
- HackTool - PCHunter Execution
- HackTool - SharpView Execution
- Nltest.EXE Execution
- Potential Pikabot Discovery Activity
- Active Directory Computers Enumeration With Get-AdComputer