LoFP
/
T1557.002
T1557.002
Title
Tags
none currently known
t1200
t1498
t1557
T1557.002
infrastructure
splunk
this search might be prone to high false positives if dhcp snooping or arp inspection has been incorrectly configured, or if a device normally sends many arp packets (unlikely).
t1200
t1498
t1557
T1557.002
infrastructure
splunk
this search might be prone to high false positives if you have malfunctioning devices connected to your ethernet ports or if end users periodically connect physical devices to the network.
t1200
t1498
t1557
T1557.002
infrastructure
splunk
LoFP
/
T1557.002