security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b61d83beefbaa838d7c8e1147008812eec1d8021
blue-team-tools/rules/network/cisco/aaa/cisco_cli_disable_logging.yml
T
Nasreddine Bencherchali 9d58e38bbc Merge PR #5769 from @nasbench - fix keywords rule and remove the fields field 
remove: Space After Filename - Logic was incorrect and untested
update: Potential CVE-2024-3400 Exploitation - Palo Alto GlobalProtect OS Command Injection - Update selection
update: JexBoss Command Sequence - Update the selection to use the |all modifier.
chore: remove any usage of the fields field to prepare for deprecation in the spec.
2025-11-24 09:54:29 +01:00

24 lines
533 B
YAML
Raw Blame History

title: Cisco Disabling Logging
id: 9e8f6035-88bf-4a63-96b6-b17c0508257e
status: test
description: Turn off logging locally or remote
references:
- https://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a2.pdf
author: Austin Clark
date: 2019-08-11
modified: 2023-01-04
tags:
- attack.defense-evasion
- attack.t1562.001
logsource:
product: cisco
service: aaa
detection:
keywords:
- 'no logging'
- 'no aaa new-model'
condition: keywords
falsepositives:
- Unknown
level: high
Reference in New Issue View Git Blame Copy Permalink