Apache-2.0, from splunk/security_content

Cisco Secure Firewall - High Priority Intrusion Classification

This analytic identifies high-severity intrusion events based on the classification assigned to Snort rules within Cisco Secure Firewall logs. It leverages Cisco Secure Firewall Threat Defense logs and focuses on events classified as:

- A Network Trojan was Detected
- Successful Administrator Privilege Gain
- Successful User Privilege Gain
- Attempt to Login By a Default Username and Password
- Known malware command and control traffic
- Known malicious file or file based exploit
- Known client side exploit attempt
- Large Scale Information Leak

These classifications typically represent significant threats such as remote code execution, credential theft, lateral movement, or malware communication. Detection of these classifications should be prioritized for immediate investigation.
