Cisco Denial of Service

Detects a system being shut down or put into a different boot mode.

Sigma rule

title: Cisco Denial of Service
id: d94a35f0-7a29-45f6-90a0-80df6159967c
status: test
description: Detect a system being shutdown or put into different boot mode
author: Austin Clark
date: 2019/08/15
modified: 2023/01/04
tags:
    - attack.impact
    - attack.t1495
    - attack.t1529
    - attack.t1565.001
logsource:
    product: cisco
    service: aaa
detection:
    keywords:
        - 'shutdown'
        - 'config-register 0x2100'
        - 'config-register 0x2142'
    condition: keywords
fields:
    - CmdSet
falsepositives:
    - Legitimate administrators may run these commands, though rarely.
level: medium
