Tag
medium
advisory
Cisco ASA User Account Lockout Detection
2 rules 2 TTPsDetection of user account lockouts on Cisco ASA devices due to excessive failed authentication attempts, potentially indicating brute-force attacks, password spraying, or credential stuffing.
Cisco ASA
authentication
brute_force
password_spraying
cisco_asa
2r
2t
medium
advisory
Cisco ASA User Account Deletion
2 rules 2 TTPsDetection of user account deletion on Cisco ASA devices, potentially indicating adversary attempts to cover tracks, disrupt incident response, or deny administrator access.
Cisco ASA
cisco_asa
account_deletion
defense_evasion
2r
2t
high
advisory
Cisco ASA Packet Capture Activity
2 rules 2 TTPsDetection of packet capture commands on Cisco ASA devices indicates potential network sniffing for credential theft, sensitive data interception, or network traffic analysis by adversaries.
Cisco ASA
cisco_asa
network_sniffing
credential_access
2r
2t
high
advisory
Cisco ASA Logging Disabled via CLI
2 rules 1 TTPDetection of adversaries or malicious insiders disabling logging on a Cisco ASA device via CLI commands, hindering detection and hiding malicious activity.
Cisco ASA
cisco_asa
logging
defense_evasion
network
2r
1t