Tag
Cisco ASA - New Local User Account Creation
2 rules 2 TTPsDetection of new user account creations on Cisco ASA devices, potentially indicating unauthorized access or persistence attempts by adversaries.
Cisco ASA Logging Message Suppression
2 rules 2 TTPsAdversaries may suppress specific log message IDs on Cisco ASA devices using the 'no logging message' command to selectively disable logging of security-critical events and evade detection.
Cisco ASA User Privilege Level Change Detection
2 rules 2 TTPsDetection of unauthorized privilege level changes on Cisco ASA devices, potentially indicating privilege escalation or persistence attempts by threat actors.
Cisco ASA Device File Copy to Remote Location
2 rules 3 TTPsThe analytic detects file copy operations from Cisco ASA devices to remote locations using protocols like TFTP, FTP, HTTP, HTTPS, SMB, or SCP, potentially indicating data exfiltration by threat actors targeting network devices.
Cisco ASA AAA Policy Tampering
2 rules 3 TTPsUnauthorized modifications to Cisco ASA AAA policies via CLI or ASDM can weaken authentication mechanisms, potentially enabling brute-force attacks, privilege escalation, and persistent access by malicious actors.