Phoenix
Sigma IntelligenceBeta
Rule Library

Sigma Rules

12 rules found for "Austin Clark"

3,707Total
3,116Detection
451Emerging
137Hunting
Detectionhightest

Cisco Clear Logs

Clear command history in network OS which is used for defense evasion

Ciscoaaa
TA0005 · Defense EvasionT1070.003 · Clear Command History
Austin ClarkMon Aug 12network
Detectionlowtest

Cisco Collect Data

Collect pertinent data from the configuration files

Ciscoaaa
TA0007 · DiscoveryTA0006 · Credential AccessTA0009 · CollectionT1087.001 · Local Account+2
Austin ClarkSun Aug 11network
Detectionhightest

Cisco Crypto Commands

Show when private keys are being exported from the device, or when new certificates are installed

Ciscoaaa
TA0006 · Credential AccessTA0005 · Defense EvasionT1553.004 · Install Root CertificateT1552.004 · Private Keys
Austin ClarkMon Aug 12network
Detectionhightest

Cisco Disabling Logging

Turn off logging locally or remote

Ciscoaaa
TA0005 · Defense EvasionT1562.001 · Disable or Modify Tools
Austin ClarkSun Aug 11network
Detectionlowtest

Cisco Discovery

Find information about network devices that is not stored in config files

Ciscoaaa
TA0007 · DiscoveryT1083 · File and Directory DiscoveryT1201 · Password Policy DiscoveryT1057 · Process Discovery+6
Austin ClarkMon Aug 12network
Detectionmediumtest

Cisco Denial of Service

Detect a system being shutdown or put into different boot mode

Ciscoaaa
TA0040 · ImpactT1495 · Firmware CorruptionT1529 · System Shutdown/RebootT1565.001 · Stored Data Manipulation
Austin ClarkThu Aug 15network
Detectionmediumtest

Cisco File Deletion

See what files are being deleted from flash file systems

Ciscoaaa
TA0005 · Defense EvasionTA0040 · ImpactT1070.004 · File DeletionT1561.001 · Disk Content Wipe+1
Austin ClarkMon Aug 12network
Detectionmediumtest

Cisco Show Commands Input

See what commands are being input into the device by other people, full credentials can be in the history

Ciscoaaa
TA0006 · Credential AccessT1552.003 · Bash History
Austin ClarkSun Aug 11network
Detectionhightest

Cisco Local Accounts

Find local accounts being created or modified as well as remote authentication configurations

Ciscoaaa
TA0004 · Privilege EscalationTA0003 · PersistenceT1136.001 · Local AccountT1098 · Account Manipulation
Austin ClarkMon Aug 12network
Detectionmediumtest

Cisco Modify Configuration

Modifications to a config that will serve an adversary's impacts or persistence

Ciscoaaa
TA0004 · Privilege EscalationTA0002 · ExecutionTA0003 · PersistenceTA0040 · Impact+4
Austin ClarkMon Aug 12network
Detectionlowtest

Cisco Stage Data

Various protocols maybe used to put data on the device for exfil or infil

Ciscoaaa
TA0009 · CollectionTA0008 · Lateral MovementTA0011 · Command and ControlTA0010 · Exfiltration+3
Austin ClarkMon Aug 12network
Detectionmediumtest

Cisco Sniffing

Show when a monitor or a span/rspan is setup or modified

Ciscoaaa
TA0006 · Credential AccessTA0007 · DiscoveryT1040 · Network Sniffing
Austin ClarkSun Aug 11network