This analytic detects suspicious configuration changes on Cisco devices by analyzing archive logs for activities such as backdoor account creation, SNMP community string modifications, and TFTP server configurations, potentially indicating attacker presence and lateral movement.
IOS +6
Static Tundra
cisco
network-security
configuration-change
3r
2t
2c
6i
updated