sigmaDRL-1.1from SigmaHQ/sigma
Cisco Collect Data
Collect pertinent data from the configuration files
Quality
100
FP risk
—
Forks
0
Views
0
Rule sourcerules/network/cisco/aaa/cisco_cli_collect_data.yml
title: Cisco Collect Data
id: cd072b25-a418-4f98-8ebc-5093fb38fe1a
status: test
description: Collect pertinent data from the configuration files
references:
- https://blog.router-switch.com/2013/11/show-running-config/
- https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/show_startup-config.htm
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-diff.html
author: Austin Clark
date: 2019-08-11
modified: 2023-01-04
tags:
- attack.discovery
- attack.credential-access
- attack.collection
- attack.t1087.001
- attack.t1552.001
- attack.t1005
logsource:
product: cisco
service: aaa
detection:
keywords:
- 'show running-config'
- 'show startup-config'
- 'show archive config'
- 'more'
condition: keywords
falsepositives:
- Commonly run by administrators
level: low