This analytic detects suspicious configuration changes on Cisco devices by analyzing archive logs for activities such as backdoor account creation, SNMP community string modifications, and TFTP server configurations, potentially indicating attacker presence and lateral movement.