LoFP / commonly run by administrators

Techniques

• t1005
• t1087
• t1087.001
• t1552
• t1552.001

Sample rules

Cisco Collect Data

• source: sigma
• technicques:
  • t1005
  • t1087
  • t1087.001
  • t1552
  • t1552.001

Description

Collect pertinent data from the configuration files

Detection logic

condition: keywords
keywords:
- show running-config
- show startup-config
- show archive config
- more