Product
Adversaries may copy device files, including configurations and packet captures, from Cisco ASA devices via CLI or ASDM for reconnaissance, credential extraction, or data exfiltration, which can be detected via command execution logs.