Skip to content
Threat Feed

Product

Cisco ASA

10 briefs RSS
medium advisory

Cisco ASA Device File Copy Activity

Adversaries may copy device files, including configurations and packet captures, from Cisco ASA devices via CLI or ASDM for reconnaissance, credential extraction, or data exfiltration, which can be detected via command execution logs.

Cisco ASA +1 cisco asa file_copy reconnaissance credential_access exfiltration
2r 2t
medium advisory

Cisco ASA - New Local User Account Creation

Detection of new user account creations on Cisco ASA devices, potentially indicating unauthorized access or persistence attempts by adversaries.

Cisco ASA cisco-asa account-creation persistence
2r 2t
medium advisory

Cisco ASA User Account Lockout Detection

Detection of user account lockouts on Cisco ASA devices due to excessive failed authentication attempts, potentially indicating brute-force attacks, password spraying, or credential stuffing.

Cisco ASA authentication brute_force password_spraying cisco_asa
2r 2t
medium advisory

Cisco ASA Reconnaissance Command Activity

This analytic detects potential reconnaissance on Cisco ASA devices by identifying execution of multiple information-gathering 'show' commands within a short timeframe, indicating potential enumeration by an attacker.

Cisco ASA cisco reconnaissance network
2r 3t
medium advisory

Cisco ASA Logging Message Suppression

Adversaries may suppress specific log message IDs on Cisco ASA devices using the 'no logging message' command to selectively disable logging of security-critical events and evade detection.

Cisco ASA cisco-asa logging defense-evasion network
2r 2t
high advisory

Cisco ASA User Privilege Level Change Detection

Detection of unauthorized privilege level changes on Cisco ASA devices, potentially indicating privilege escalation or persistence attempts by threat actors.

Cisco ASA cisco-asa privilege-escalation persistence network
2r 2t
medium advisory

Cisco ASA User Account Deletion

Detection of user account deletion on Cisco ASA devices, potentially indicating adversary attempts to cover tracks, disrupt incident response, or deny administrator access.

Cisco ASA cisco_asa account_deletion defense_evasion
2r 2t
high advisory

Cisco ASA Device File Copy to Remote Location

The analytic detects file copy operations from Cisco ASA devices to remote locations using protocols like TFTP, FTP, HTTP, HTTPS, SMB, or SCP, potentially indicating data exfiltration by threat actors targeting network devices.

Cisco ASA cisco-asa data-exfiltration network-device
2r 3t
high advisory

Cisco ASA Packet Capture Activity

Detection of packet capture commands on Cisco ASA devices indicates potential network sniffing for credential theft, sensitive data interception, or network traffic analysis by adversaries.

Cisco ASA cisco_asa network_sniffing credential_access
2r 2t
high advisory

Cisco ASA Logging Disabled via CLI

Detection of adversaries or malicious insiders disabling logging on a Cisco ASA device via CLI commands, hindering detection and hiding malicious activity.

Cisco ASA cisco_asa logging defense_evasion network
2r 1t