security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
blue-team-tools/rules/network/cisco/aaa/cisco_cli_dos.yml
T
Nasreddine Bencherchali 9d58e38bbc Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field 
remove: Space After Filename - Logic was incorrect and untested
update: Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - Update selection
update: JexBoss Command Sequence - Update the selection to use the |all modifier.
chore: remove any usage of the fields field to prepare for deprecation in the spec.
2025-11-24 09:54:29 +01:00

25 lines
595 B
YAML
Raw Permalink Blame History

title: Cisco Denial of Service
id: d94a35f0-7a29-45f6-90a0-80df6159967c
status: test
description: Detect a system being shutdown or put into different boot mode
author: Austin Clark
date: 2019-08-15
modified: 2023-01-04
tags:
- attack.impact
- attack.t1495
- attack.t1529
- attack.t1565.001
logsource:
product: cisco
service: aaa
detection:
keywords:
- 'shutdown'
- 'config-register 0x2100'
- 'config-register 0x2142'
condition: keywords
falsepositives:
- Legitimate administrators may run these commands, though rarely.
level: medium
Reference in New Issue View Git Blame Copy Permalink